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THE ELECTRIC GRID, CRITICAL INTERDEPEN- 
DENCIES, VULNERABILITIES, AND READINESS 


THURSDAY, SEPTEMBER 4, 2003 

Subcommittee on Cybersecurity, Science, 
and Research and Development, 

AND 

Subcommittee on Infrastructure 
and Border Security, 
Select Committee on Homeland Security, 

Washington, DC 

The subcommittees met, pursuant to call, at 1:00 p.m., in Room 
2237, Rayburn House Office Building, Hon. Dave Camp, [chairman 
of the Subcommittee on Infrastructure and Border Security] pre- 
siding. 

Present for the Subcommittee on Infrastructure and Border Secu- 
rity: Representatives Camp, Dunn, Smith, Shadegg, Gibbons, 
Sanchez, Markey, Dicks, Cardin, Slaughter, DeFazio, Jackson-Lee, 
and Pascrell. 

Present for the Subcommittee on Cybersecurity, Science and Re- 
search and Development Subcommittee: Representatives Thorn- 
berry, Smith, Weldon, Camp, Linder, Lofgren, Sanchez, Andrews, 
Jackson-Lee, Christensen and Etheridge. 

Also present: Representatives Cox and Turner. 

Mr. Camp. The joint hearing of the Subcommittee on Infrastruc- 
ture and Border Security and Subcommittee on Cybersecurity, 
Science and Research and Development of the Select Committee on 
Homeland Security will come to order. The title of today’s hearing 
is Implications of Power Blackouts for the Nation’s Cybersecurity 
and Critical Infrastructure Protection: The Electric Grid, Critical 
Interdependencies, Vulnerabilities and Readiness. 

Good afternoon. Chairman Thornberry and I would like to wel- 
come and thank you for attending today’s hearing on infrastructure 
interdependencies. 

The two subcommittees will hear from a panel of experts rep- 
resenting academia, industry and the national security community. 
We have the Honorable J. Cofer Black, Coordinator of the Office of 
the Coordinator for Counterterrorism, Department of State; Larry 
Mefford, Executive Assistant Director of Counterterrorism and 
Counterintelligence, Federal Bureau of Investigation. 

Later, we will have Paul Gilbert, Former Panel Chair of Energy 
Facilities, Cities and Fixed Infrastructure from the National Re- 
search Council; Peter Orszag, Senior Fellow of the Brookings Insti- 
tution; John McCarthy, Executive Director of the Critical Infra- 
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structure Protection Project, George Mason University; Karl 
Rauscher, Founder and President, Wireless Emergency Response 
Team; and Ken Watson, President and Chair, Partnership for Crit- 
ical Infrastructure Security. 

Thank you all for your participation. Your experience in critical 
infrastructure security and interdependencies make your testimony 
very valuable as the Homeland Security Committee continues to 
look at ways to strengthen America’s critical infrastructure. 

The Chair would like to inform members that several witnesses 
have precise departure times, particularly those from across the 
country who have flights to catch; and considering the expertise of 
our two panels and the importance of having sufficient time to hear 
their statements and ask questions, the Chair requests that mem- 
bers agree to a unanimous consent request to waive opening state- 
ments. 

Seeing no objection, we will proceed. 

Today’s hearing will examine our Nation’s complex critical infra- 
structure and the computers and networks that operate and sus- 
tain them. There has never been a more compelling time for our 
Nation to be educated on the threats and vulnerabilities that ter- 
rorists pose to the Nation through attacks on our critical infra- 
structure. 

I would again like to thank our witnesses for being here. We will 
hear testimony from our government panel first, and we will begin 
with Ambassador Black. We have received your written testimony 
and ask that you briefly summarize in 5 minutes your statement. 
Thank you. You may begin. 

STATEMENT OF THE HONORABLE J. COFER BLACK, COORDI- 
NATOR, OFFICE OF THE COORDINATOR FOR COUNTER- 
TERRORISM, DEPARTMENT OF STATE 

Mr. Black. Mr. Chairman, committee members, thank you for 
giving me the opportunity to speak here today. I look forward to 
discussing some of the key challenges we face in our global war on 
terrorism and how protecting critical infrastructure fits into the 
broader scope of our efforts in this area. 

I have a longer formal statement which, with your permission, 
I would like to submit for the record. 

Mr. Camp. Without objection. 

Mr. Black. Mr. Chairman, the phrase “critical infrastructure” 
covers many elements of the modern world. To cite a few examples: 
the computers we use to transfer financial information from New 
York to Hong Kong and other cities, the air traffic control systems 
for international and domestic flights and, of course, the electric 
grid systems. 

The global critical infrastructure is both a contributor to, and a 
result of, the interdependence that exists among nations today. 
Critical infrastructure essentially means all the physical and vir- 
tual ties that bind us together, not only as a society but as a world. 
Terrorists know this, and they see attacking the very bonds that 
hold us together as one more way to drive us apart. 

We have made significant progress in the war on terrorism, but 
the recent blackouts in this country serve as an urgent reminder 
of vulnerabilities that terrorists can possibly exploit. We continue 
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to believe that these blackouts were not the result of terrorist at- 
tacks. We know, however, that terrorists have plotted more dev- 
astating ways to bring massive disruption to our society. 

My role in international cooperation: responsibility for protecting 
critical infrastructure has been assigned to the Secretary for Home- 
land Security. In my role as a coordinator for counterterrorism, I 
am responsible for managing the international effort to counter the 
terrorist threat through effective integration and coordination of 
the efforts of our allies and partners with our own. 

The State Department plays an essential role in coordinating our 
government’s response to matters surrounding critical infrastruc- 
ture as those issues arise abroad. We are working closely on this 
with regional and global sorganizations including APEC, the OAS 
and the OECD and will convene a Southeast Europe cybersecurity 
conference next week in Sofia, Bulgaria, to raise awareness of this 
issue in that region. In addition, we have made this topic a priority 
of our global agenda by drafting three U.N. general Assembly reso- 
lutions on these issues. All these resolutions were adopted unani- 
mously. The U.N. -sponsored World Summit on the Information So- 
ciety will provide yet another forum where we can advance our 
goals on cybersecurity. 

Antiterrorism assistance training. Bilaterally, the State Depart- 
ment is also working with countries across the globe. We are work- 
ing with 16 nations on issues of critical infrastructure protection, 
countries ranging from Canada to India and Australia. Through 
the State Department’s Antiterrorism Assistance Program, known 
as ATA, we offer three separate courses on cyberterrorism that ad- 
dress varying but equally important facets of the problem. 

Additionally, ATA offers vital installation security courses to for- 
eign law enforcement and security organizations. Sixteen countries 
on four continents have received the ATA vital installations course 
in the past two years and at least four more are planned for fiscal 
year 2004. Our recently developed cybersecurity course already has 
been provided to three countries. We plan to engage two more in 
fiscal year 2004. 

Budget requests. Our planned courses for fiscal year 2004 reflect 
the administration’s requested level of ATA funding. The Senate 
foreign operations appropriations bill provides the requested level, 
but the House mark is short by $16 million from the administra- 
tion’s $106 million request. These reductions could result in cutting 
at least several cybersecurity and vital installation courses during 
fiscal year 2004. 

I must also add that funding was cut from our Terrorist Interdic- 
tion Program (TIP) that helps countries better control their borders 
and from our senior policy workshop program. I hope the distin- 
guished members of this committee will encourage their colleagues 
on appropriations committees to support the full funding of these 
critical counterterrorist programs when the fiscal year 04 foreign 
operations appropriation bill goes to conference. 

Mr. Chairman, the State Department also plays a role in helping 
to develop technology to counter threats to the critical infrastruc- 
ture. My office co-chairs, with the Department of Defense, the 
Technical Support Working Group which conducts the national, 
interagency combatting terrorism technology research and develop- 
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ment program. Within the TSWG, an interagency working group on 
infrastructure protection, chaired by the Department of Defense 
with the FBI, focuses on meeting interagency requirements for 
technology development in the areas of cybersecurity, information 
analysis and physical protection. 

The TSWG’s cybersecurity projects focus on preventing or miti- 
gating threats to computer networks vital to defense, transpor- 
tation and critical infrastructure. Our projects are aimed at en- 
hancing detection, prevention, response and alert capabilities to 
counter cyberattacks and harden computer systems. 

For fiscal year 2004 the TSWG program has allotted approxi- 
mately $10 million to fund rapid prototyping and development 
work on 25 projects in the infrastructure protection area based on 
requirements identified by the interagency community. 

In other areas of activity, the Department also has provided 
some 18 key counterterrorist partner countries overseas with an in- 
tensive senior policy workshop. This helps them develop plans and 
procedures to mitigate any use by terrorists of weapons of mass de- 
struction. We are also providing a series of workshops to improve 
energy security in the Caspian Basin, focusing on Kazakhstan. 

I would like to put the issue of critical infrastructure into the 
context of our global efforts in the war on terrorism by discussing 
another type of critical infrastructure: the alliances, partnerships 
and friendships that we have worked so hard to build. These net- 
works of diplomatic exchange and communication serve as the 
foundation on which our national security often rests. 

I just returned this morning from a week in Colombia and Bar- 
bados where I worked to strengthen our partnerships on counter- 
terrorism. In Colombia, kidnapping and drugs are primary sources 
of terrorist funding in that country. While in Colombia, I inaugu- 
rated a new $25 million anti-kidnapping initiative funded by the 
State Department that will provide training and equipment for Co- 
lombia’s special police and military anti-kidnapping units. 

In Barbados, I met with prime ministers from across the Eastern 
Caribbean. Important progress is being made in that region. Sev- 
eral Caribbean states are developing national and regional immi- 
gration alert systems so that they can better track and capture ter- 
rorists who cross their borders and are drafting counterterrorist 
legislation. 

We have also built new relationships with the countries in the 
tri-border region — Brazil, Argentina and Paraguay. We have also 
initiated new counterterrorism partnerships with China, Russia 
and the central Asian republics. 

Our success in this struggle depends heavily on those nations 
around the world that are working with us to defeat terrorism 
within their own borders. Pakistan has taken more than 500 ter- 
rorist suspects into custody. Morocco has arrested al Qaeda 
operatives planning attacks against our shipping. Many other na- 
tions around the world are helping us to uncover terrorist net- 
works. 

Since 9/11, the United States and its partners have detained 
more than 3,000 terrorists in over 100 countries. Also since 9/11, 
more than 30 nations have signed on to all 12 of the international 
antiterrorism conventions and protocols, and many more have be- 
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come parties to them. There has been an upsurge in the number 
of laws, both domestic and international, that deal with terrorism- 
related issues. 

Regarding counterterrorism funding, a key part of our 
counterterrorism effort is the designation of terrorists and foreign 
terrorist organizations. The State Department, together with the 
Departments of Justice, Treasury and Homeland Security and the 
Intelligence Community, has been developing legal cases for the 
designation of terrorists and terrorist organizations so that we can 
block funding. 

Since 9/11, over 170 countries and jurisdictions have issued or- 
ders to freeze terrorist assets. So far, we have frozen more than 
$136 million in terrorist funding and designated more than 290 ter- 
rorist groups and individuals, working hard to help other countries 
become more effective in stopping terrorists from raising and mov- 
ing funds. 

It is essential that we continue to work relentlessly to ensure 
that terrorists, whatever their ideology, religion or ethnicity, do not 
receive safe haven, funding or any other kind of support, both in- 
side and outside our own borders. But with each of these victories, 
new challenges emerge. As the chains of commands in these orga- 
nizations are stressed and broken, it becomes more difficult for ter- 
rorists to confer with their leaders and coordinate large-scale at- 
tacks. That is why we are seeing an increasing number of small- 
scale operations against softer targets. 

One of the lessons our Nation learned a new on that tragic morn- 
ing nearly 2 years ago was that the fates of all nations are linked. 
This lesson takes on new meaning when considered in the context 
of protecting our national and international critical infrastructures 
because, in the last analysis, it is precisely those global systems, 
structures and networks that serve as the foundation for all our ef- 
forts to bring freedom, prosperity and security to people around the 
world. 

I thank you, Mr. Chairman; and I would be happy to take your 
questions when you so choose. 

Mr. Camp. Thank you, Ambassador. 

[The statement of Mr. Black follows:] 

PREPARED STATEMENT OF THE HON. COFER BLACK 

Mr. Chairman, Committee Members: 

Thank you for giving me the opportunity to speak here today. I look forward to 
discussing some of the key challenges we face in our global war on terrorism. It is 
a privilege to speak to you on the crucial issue of counterterrorism, and how pro- 
tecting critical infrastructure fits into the broader scope of our efforts in this area. 

Critical infrastructure means many different things. It means the computers we 
use to transfer financial data from New York to Hong Kong. It means the produc- 
tion facilities that distribute our food across the country and the sanitation systems 
that make our water safe to drink. It means the electronic signals that keep our 
planes in the air and our trains on proper course. At the most fundamental level, 
it means the very interconnectedness on which our society so heavily depends. But 
it also means something more. 

We must remain mindful that global critical infrastructure is both a contributor 
to — and a result of — the interdependence that exists among nations today. It is be- 
cause our ties to Europe and Asia are so strong that an attack on the banking sys- 
tems in either of those places would have a powerful impact on our country. It is 
because we rely so much on our extensive trade relationships with nations around 
the globe that we must ensure that those products reaching our shores are safe to 
sell in this country. It is because we depend on global partnerships for our power 
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that a blackout in one country can trigger a blackout in another. Critical infrastruc- 
ture essentially means all the physical and virtual ties that bind us together — not 
only as a society, but as a world. Terrorists know this, and they see attacking the 
very bonds that hold us together as one more way to drive us apart. 

We have made significant progress in the war on terrorism, but the recent black- 
outs in this country serve as an urgent reminder that there remain vulnerabilities 
for terrorists to exploit. We continue to believe that these blackouts were not the 
result of terrorist acts. We know that terrorists have plotted more devastating ways 
to bring massive disruption to our society. 

We know, for example, that terrorists have assessed the possibility of attacking 
our nuclear plants and our transportation systems. But, in the end, it does not mat- 
ter to terrorists whether the target is an Embassy or a nightclub, a power grid, a 
hotel, or an unguarded building. The targets terrorists attack will no doubt vary 
widely, but the goal toward which they strive remains the same: to undermine the 
security and stability that Americans seek for themselves, their country, and the 
world. 


STATE’S ROLE, INTERNATIONAL COOPERATION 

In the United States, the responsibility for protecting critical infrastructure has 
been assigned to the Secretary for Homeland Security. In my role as the State De- 
partment’s Coordinator for Counter-Terrorism, I am responsible for managing the 
international effort to counter the terrorist threat through the effective integration 
and coordination of the efforts of our allies and partners with our own. 

The State Department plays an essential role in coordinating our government’s 
response to issues surrounding critical infrastructure, as those issues arise abroad. 
We are working closely with regional and global organizations from APEC, the OAS, 
and the OECD, and will convene a Southeast Europe cyber security conference next 
week in Sofia, Bulgaria, to raise awareness of this issue in that region. In addition, 
we have made this topic a priority on our global agenda by drafting three UN Gen- 
eral Assembly resolutions on issues related to information technology and cyber se- 
curity — and all these resolutions were adopted unanimously. The UN-sponsored 
World Summit on the Information Society, which will be held in Geneva in Decem- 
ber, will provide yet another forum where we can advance our goals on cyber secu- 
rity. 


ATA TRAINING 

The State Department is also engaged bilaterally on this issue with countries 
across the globe. We are working with sixteen nations on the issue of critical infra- 
structure protection — countries ranging from Canada to India and Australia. And 
through the State Department’s Antiterrorism Assistance program (ATA), we offer 
three separate courses on Cyber Terrorism that address varying but equally impor- 
tant facets of the problem; preventive measures, techniques in responding to and 
investigating cyber attacks, and familiarizing senior level officials on dealing with 
the problems of a cyber incident. 

Additionally, ATA offers Vital Installations Security courses to foreign law en- 
forcement and security organizations. Sixteen countries on four continents have re- 
ceived the ATA Vital Installations course in the past two years and at least four 
more are planned for Fiscal Year 2004. Our recently developed Cyber Security 
course already has been provided to three countries, and we plan to engage two 
more in FY 2004. 

Our planned courses for FY 2004 reflect the Administration’s requested level of 
ATA funding. The Senate Foreign Operations Appropriation bill provides the re- 
quested level, but the House mark is short by $16 million from the Administration’s 
$106 million request. 

These reductions, if not restored in the Senate-House conference committee, would 
result in cutting at least several Cyber Security and Vital Installations courses dur- 
ing FY 2004. I might also add that funding was cut from our Terrorist Interdiction 
Program, which helps countries better control their borders, and from our Senior 
Policy Workshop program. 

I hope the distinguished members of this Committee will encourage their col- 
leagues on the Appropriations Committee to support the full funding of these critical 
counterterrorism programs when the FY 2004 foreign operations appropriations bill 
goes to the conference committee in the near future. 
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RESEARCH AND DEVELOPMENT 

Mr. Chairman, the State Department plays a role in helping to develop technology 
to counter threats to the critical infrastructure. My office co-chairs, with the Depart- 
ment of Defense, the Technical Support Working Group (TSWG) which conducts the 
national, interagency combating terrorism technology research and development 
program. Within the TSWG, an interagency working group on Infrastructure Protec- 
tion, chaired by DOD and the FBI, focuses on meeting interagency requirements for 
technology development in the areas of Cyber Security, Information Analysis, and 
Physical Protection. Other Departments and Agencies represented on the Infrastruc- 
ture Protection Subgroup include the Departments of Homeland Security, Energy, 
Defense, Justice, Agriculture, Commerce, Treasury, and Transportation, as well as 
the Federal Emergency Management Agency, the Environmental Protection Agency, 
and the Nuclear Regulatory Commission. 

The TSWG’s Cyber Security projects focus on preventing/mitigating threats to 
computer networks vital to defense, transportation, and critical infrastructure. Our 
projects are aimed at enhancing detection, prevention, response, and alert capabili- 
ties to counter cyber attacks and harden computer systems. Our Information Anal- 
ysis projects focus on enabling analysis and understanding of the information space. 
Specifically, we are working on technologies to enhance information storage, protec- 
tion, and analysis. The TSWG’s Physical Protection projects seek to develop stand- 
ardized methodologies and decision aids for vulnerability analysis and enhanced 
protection of critical elements of the nation’s infrastructure with particular empha- 
sis on meeting the needs of Supervisory Control and Data Acquisition (SCADA) 
users and systems. 

For FY 2004, the TSWG Program has allotted approximately $10M to fund rapid 
prototyping and development work on 25 projects in the Infrastructure Protection 
area based on requirements identified by the interagency community. A number of 
the Departments and Agencies included in the Infrastructure Protection Subgroup 
are contributing funds to support the work of the TSWG in this vital area. 

In another area of activity, the Department also has provided some 18 key 
counterterrorist partners with an intensive Senior Policy Workshop to help them de- 
velop plans and procedures to mitigate any use by terrorists of weapons of mass de- 
struction. We are also providing a series of workshops to improve energy security 
in the Caspian Basin, focusing on Kazakhstan. These are all part of the important 
effort to strengthen the ability of countries worldwide to counter the variety of ter- 
rorist threats that face us today. 

GLOBAL CONTEXT 

I would like to use my remaining time to put the issue of critical infrastructure 
into the context of our global efforts in the war on terrorism — by talking with you 
about another type of critical infrastructure: the alliances, partnerships, and friend- 
ships that we have worked so hard to build. Like other types of critical infrastruc- 
ture, these networks of diplomatic exchange and communication serve as the foun- 
dation on which our national security often rests. 

I just returned from a week of travel to Colombia and Barbados, where I worked 
to strengthen our partnerships on counterterrorism. In Colombia, I saw firsthand 
the powerful impact of our cooperation against kidnapping and drugs — both primary 
sources of terrorist funding in that country. While in Colombia, I had the pleasure 
of inaugurating a new $25 million Anti-kidnapping initiative — funded by the State 
Department — that will provide training and equipment for Colombia’s special police 
and military anti-kidnapping units to enhance their ability to deal with the esti- 
mated 3,000 kidnapping incidents each year. 

In Barbados, I met with Prime Ministers from across the Eastern Caribbean, and 
I am pleased to report that important progress is being made throughout that re- 
gion. Several Caribbean states are developing national and regional immigration 
alert systems so that they can better track and capture terrorists who cross their 
borders. Some Caribbean countries are also making strides against money laun- 
dering and drug trafficking — and some are working to develop common laws to 
achieve common goals in the campaign against terrorism. I was pleased to see — in 
both Colombia and Barbados — that our partnerships are aimed at combating ter- 
rorism in a number of different ways. 

In the fight against terrorism — triumph will not come solely, or even primarily, 
through military might. Rather, it will come through success on a variety of dif- 
ferent fronts with a variety of different tools. We need better regional and global 
methods of collecting and exchanging intelligence and information, and better mili- 
tary coordination. We need more vigorous cooperation to sever the sources of ter- 
rorist funding. Our actions must help to win the trust not only of governments, but 
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of the people they represent. And success on each of these requires effective diplo- 
macy. 


DIPLOMACY 

Diplomacy is the backbone of our campaign — for one simple reason: terrorism has 
no citizenship. The list of passports that terrorists — and their victims — carry is long 
indeed. Those 19 extremists who hijacked our planes on September 11, killed the 
innocent sons and daughters of more than 90 countries that day. Those men and 
women of the United Nations whom terrorists attacked in Baghdad last month, had 
come together from across the globe. Terrorism affects all corners of the world and 
we must be united, as a world, in fighting it. 

Secretary of State Colin Powell has worked hard to forge new friendships and 
strengthen existing ones. Through our Smart Border Accords with Canada, we held 
the TOPOFF II exercises last May. This five-day, full-scale exercise involved top of- 
ficials and response personnel and gave us a clearer picture of how our country 
would respond to attacks with weapons of mass destruction on major metropolitan 
areas. This exercise is just one example of the success old partnerships can produce 
in facing the new challenges that lie ahead. 

On a global and regional level, we continue to work closely with organizations, 
ranging from NATO, the G— 7, and the United Nations, to ASEAN, the OAS, and 
the OSCE. We have built new relationships on counterterrorism with countries like 
Brazil, Argentina, and Paraguay through the young “3+1” Counterterrorism Dia- 
logue. We have also initiated new counterterrorism partnerships with China, Rus- 
sia, and the Central Asian Republics. And many more nations hold promise for 
deepened engagement in the future. 

Our success in this struggle largely rests with those nations around the world 
who are working with us to defeat terrorism within their own borders. Pakistan has 
taken more than 500 terrorist suspects into custody, including Ramzi bin al Shibh 
and Khalid Sheikh Mohammed. With Jordan’s help, two individuals were arrested, 
both of whom we believe are responsible for the murder of USAID employee Lau- 
rence Foley in October, 2002. Morocco has arrested Al Qaida operatives planning 
attacks against our shipping interests. And Saudi Arabia has helped in many ways 
to capture terrorists and disrupt their activities. Many other nations around the 
world are helping us to uncover the extent of terrorist networks; chart the move- 
ments of their members; and master the means of their demise. 

Just a few weeks ago, we accomplished a key goal in the war by capturing 
Hambali, the mastermind behind Bali bombing in October, 2002. Working together 
with the governments of Thailand and the Philippines, we added Hambali to the 
list of nearly two-thirds of the top Al Qaida leaders, key facilitators and operational 
managers whom we have either killed or captured in the past two years. And since 
9/11, the United States and its partners and allies have detained more than 3,000 
terrorists in over 100 countries. 

And we are making measurable progress on many other fronts, as well. 

COUNTERING TERRORISM FUNDING 

Since 9/11, over 170 countries and jurisdictions have issued orders to freeze ter- 
rorists’ assets — and so far, the international community has frozen more than $136 
million in terrorist funding and designated over 290 terrorist groups and individ- 
uals. We are working hard to build capacity in those states that are on the front 
lines of the war on terrorism, so that they can better stop terrorists from raising 
and moving funds. Thanks to UN Security Council Resolution 1373, we now have 
specific criteria by which to measure national progress in blocking terrorist fund- 
raising. And we are developing international standards and best practices, through 
both the Security Council’s Counterterrorism Committee and the Financial Action 
Task Force. 

Since 9/11, more than 30 nations have signed onto all 12 of the international 
antiterrorism conventions and protocols, and many more have become parties to 
them. There has been an upsurge in the number of laws — both domestic and inter- 
national — that deal with terrorism-related issues. There are now more laws limiting 
terrorists’ actions in more countries than ever before, and more governments are 
willing to enforce those laws. Our country has been involved in helping other na- 
tions strengthen their counterterrorism legislation and then, enforce it. 

But with each of these victories, new challenges emerge. As the chains of com- 
mand in these organizations are stressed and broken, as they were when we cap- 
tured Hambali, it becomes more difficult for terrorists to confer with their leaders 
and coordinate large-scale attacks. That is why we are seeing an increasing number 
of small-scale operations against softer targets. 
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The more successful we are, the more likely it is that terrorists will act independ- 
ently against unguarded targets. As a result, we will need to exercise heightened 
vigilance even as we continue making measurable progress on many fronts. 

Another key part of our counterterrorism effort is the designation of terrorists and 
terrorist organizations. The State Department — together with the Departments of 
Justice, Treasury, and Homeland Security, and the Intelligence Community — has 
been developing legal cases for designating terrorists and terrorist organizations so 
that we can freeze funds and prevent attacks. 

To do this, we rely primarily on two legal authorities. The first is the 
Antiterrorism and Effective Death Penalty Act of 1996 which amended the Immigra- 
tion and Nationality Act, to authorize the Secretary of State to formally designate 
foreign terrorist organizations. The second one is the Executive Order on Terrorist 
Financing, which the President signed on September 23, 2001. These authorities 
block the property of designated terrorists and make it illegal to provide financing 
and other forms of material support to designated groups. Designating terrorists 
and their organizations is an important tool in the war on terrorism because it helps 
us curb their funding and invoke other sanctions. It is essential that we continue 
to work relentlessly to ensure that terrorists — whatever their ideology, religion, or 
ethnicity — do not receive safe haven, funding, or any other kind of support both in- 
side and outside our own borders. 

One of the lessons our nation learned anew on that tragic morning nearly two 
years ago was that the fates of all nations are linked — and that we deny this at 
our own peril. This lesson takes on new meaning when considered in the context 
of protecting our national and international critical infrastructures. Because, in the 
last analysis, it is precisely those global systems, structures, and networks that 
serve as the foundation for all our efforts to bring freedom, prosperity, and security 
to people around the world. 

Thank you. I would be happy to take your questions 

Mr. Camp. Mr. Mefford. 

STATEMENT OF LARRY A. MEFFORD, EXECUTIVE ASSISTANT 

DIRECTOR, COUNTERRORISM AND COUNTERINTELLIGENCE, 

FEDERAL BUREAU OF INVESTIGATION 

Mr. Mefford. Mr. Chairman, members of the committee, thank 
you very much for the opportunity to speak about this very impor- 
tant topic. 

The FBI, in cooperation with the Department of Energy, Depart- 
ment of Homeland Security, the North American Electrical Reli- 
ability Council and Canadian authorities, has aggressively inves- 
tigated the August 14 power outages. To date, we have not discov- 
ered any evidence indicating that the outages were the result of ac- 
tivity by international or domestic terrorists or other criminal ac- 
tivity. The FBI Cyber Division, working with DHS, meanwhile has 
found no indication that the blackout was the result of a malicious 
computer-related intrusion. 

This is a preliminary assessment only, and our investigative ef- 
forts continue today. The FBI has received no specific, credible 
threats to electronic power grids in the United States in the recent 
past; and the claim of the Abu Hafs al-Masri Brigade to have 
caused the blackout appears to be no more than wishful thinking 
at this stage. We have no information confirming the actual exist- 
ence of this group, which has also claimed on the Internet responsi- 
bility for the August 5 bombing of the Marriott Hotel in Jakarta 
and the July 19 crash of an airplane in Kenya. 

We remain very alert, however, to the possibility terrorists may 
target the electrical power grid and other infrastructure facilities 
of our country. They are clearly aware of the importance of elec- 
trical power to the national economy and livelihood. 
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For instance, al Qaeda and other terrorist groups are known to 
have considered energy facilities and other infrastructure facilities 
as possible targets. 

Guerrillas and extremist groups around the world have attacked 
power lines — . 

Mr. Camp. You may continue. 

Mr. Mefford. — as standard targets in the past. 

Domestic terrorists have also targeted energy facilities in the 
United States. In 1986, the FBI disrupted a plan by a radical splin- 
ter group connected to an environmental organization to attack 
power plants in Arizona, California and Colorado. 

The FBI has developed a multilayered approach to investigating 
potential threats to infrastructure facilities that brings together the 
strengths of law enforcement, the Intelligence Community, DHS, 
Department of Energy and private industry. This approach incor- 
porates many new changes the FBI implemented since September 
11 of 2001. They include: 

The formation of a Counterterrorism Watch, which is a 24/7 op- 
eration center based at FBI headquarters which is responsible for 
collecting and coordinating all FBI threat-related activities in the 
United States, including all terrorist threats to the electric power 
grid of the country. 

The creation of the National Joint Terrorism Task Force at FBI 
headquarters. This entity today incorporates over 35 Federal agen- 
cies and acts as a fusion point for the FBI and allows us to share 
information and coordinate activities quickly and efficiently. We 
have expanded the Joint Terrorism Task Forces in the country 
from 35 prior to September 11 of 2001 to almost 84 today. These 
task forces are now located in every major metropolitan area of the 
country and include major law enforcement agencies at the local, 
State and Federal level. All of these task forces have opened lines 
of communications with the electric power industry to share infor- 
mation and enhance preventive efforts. 

The U.S. intelligence Community is also a key component of 
these task forces. 

We have also enhanced our capabilities in the FBI’s 
Counterterrorism Division by significantly increasing personnel, in- 
cluding about a five-fold increase in personnel, which includes a 
major increase in analytical personnel as well as FBI special 
agents. 

We have formed the FBI Cyber Division to improve the FBI’s 
ability to address Internet crime and computer intrusions and 
threats to our computer networks. This includes potential terrorist 
threats to our utility computer networks and power grids. 

We have formed the Office of Intelligence to rapidly improve our 
ability to manage our databases effectively and to analyze threats 
and other related intelligence data. 

We have also joined forces with many different agencies, includ- 
ing DHS in establishing and operating the Foreign Terrorism 
Tracking Task Force, the Terrorism Threat Integration Center and 
the Terrorism Financing Operations Section. All of these entities 
are designed to improve information exchange, enhance coordina- 
tion and help us do a better job of preventing terrorism in the 
United States, which is our number one priority in the FBI. 
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In close coordination with DHS, the FBI works with the Informa- 
tion Sharing and Analysis Centers, the ISACs, that have been es- 
tablished around the country and members of the FBI’s InfraGard 
program. Both the ISACs and InfraGard were established to facili- 
tate information sharing between industry and law enforcement 
and to alert industry to potential threats and capitalize on private 
industry knowledge to assess threat information. Today, the FBI’s 
InfraGard program consists of over 8,000 companies located in all 
50 States and serves as an important link between the FBI and the 
private sector. This link is used by the FBI to exchange informa- 
tion to help us defend against terrorist attacks and is a vital part 
of the FBI’s national strategy to prevent and disrupt terrorist ac- 
tivities in the U.S. . 

In summary, we have developed a comprehensive and robust 
mechanism to deter and disrupt potential terrorist attacks, includ- 
ing attacks on the electrical power grids of the country; and we are 
working on a 24/7 basis with our partners in law enforcement and 
the Intelligence Community to constantly improve our preventive 
capabilities. Understanding that the number of critical infrastruc- 
ture targets is so vast and facilities spread so widely that no sys- 
tem can be perfect, the structure of private and government enti- 
ties acting in coordination will also provide an effective response in 
the unfortunate event of an attack. 

I thank you, and I look forward to questions. 

[The statement of Mr. Mefford follows:] 

PREPARED STATEMENT OF LARRY A. MEFFORD 

The FBI, in cooperation with the Department of Energy (DOE), the Department 
of Homeland Security (DHS), the North American Electrical Reliability Council 
(NERC), and Canadian authorities aggressively investigated the 14 August 2003 
power outages. To date, we have not discovered any evidence indicating that the 
outages were the result of activity by international or domestic terrorists or other 
criminal activity. The FBI Cyber Division, working with DHS, meanwhile, has found 
no indication to date that the blackout was the result of a malicious computer-re- 
lated intrusion, or any sort of computer worm or virus attack. 

The FBI has received no specific, credible threats to electronic power grids in the 
United States in the recent past, and the claim of the Abu Hafs al-Masri Brigade 
to have caused the blackout appears to be no more than wishful thinking. We have 
no information confirming the actual existence of this group, which has also claimed 
on the Internet responsibility for the 5 August bombing of the Marriott Hotel in Ja- 
karta and the 19 July crash of an airplane in Kenya. 

We remain very alert, however, to the possibility terrorists may target the elec- 
trical power grid and other infrastructure facilities. They are clearly aware of the 
importance of electrical power to the national economy and livelihood. 

• Al-Qa’ida and other terrorist groups are known to have considered energy fa- 
cilities — and other infrastructure facilities — as possible targets. 

• Guerillas and extremist groups around the world have attacked power lines 
as standard targets. 

• Domestic extremists have also targeted energy facilities. In 1986, the FBI dis- 
rupted a plan by a radical splinter element of an environmental group to attack 
power plants in Arizona, California, and Colorado. 

Terrorists could choose a variety of means to attack the electrical power grids if 
they choose to do so, ranging from blowing up power wire pylons to major attacks 
against conventional or nuclear power plants. We defer to DHS, however, for an as- 
sessment of the vulnerabilities of the electrical power system and the necessary re- 
sponses to damage to various types of power facilities. 

The FBI has developed a multilayered approach to investigating potential threats 
to infrastructure facilities that brings together the strengths of law enforcement, the 
Intelligence Community, DHS, DOE, and Industry. 
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• CT Watch is the FBI’s 24/7 “threat central” for counterterrorism threat infor- 
mation. CT Watch is located within the Strategic Information and Operations 
Center (SIOC) at FBI Headquarters, and is the primary point of notification for 
all potential terrorism threats. Upon notification of a potential threat, CT 
Watch immediately passes the threat information to the DHS Homeland Secu- 
rity Operations Center (HSOC) through DHS representatives detailed to CT 
Watch. CT Watch then notifies each FBI field office Joint Terrorism Task Force 
(JTTF) that may be affected by the threat. CT Watch also notifies the National 
Joint Terrorism Task Force (NJTTF) and the appropriate FBI counterterrorism 
operational sections. This interagency coordination not only ensures that rel- 
evant government agencies are notified of the threats, but also that involved 
JTTFs take timely action and appropriate remedial action. This is especially 
noteworthy given that the 84 JTTFs in existence today incorporate all major 
law enforcement agencies in the country. 

• The NJTTF is comprised of representatives from 35 government agencies, 
representing the intelligence, law enforcement, diplomatic, defense, public safe- 
ty and homeland security communities, co-located at SIOC. The NJTTF acts as 
a point of fusion for terrorism threat information and manages the FBI’s na- 
tional JTTF program. The NJTTF coordinates closely with CT Watch, the 
JTTFs, DHS representatives assigned to the CT Watch and NJTTF, and the ap- 
propriate FBI sections to ensure threat information has been received by all ap- 
propriate entities across federal, state and local levels, as well as other JTTFs. 
The NJTTF accomplishes this by distributing threat information vertically to 
the JTTFs, and horizontally to other government agencies that are members of 
the NJTTF. 

• Working with the state departments of homeland security and watch centers, 
the JTTFs across the country combine local law enforcement, Intelligence Com- 
munity, and DHS representatives to fuse threat information and coordinate the 
local response to threats. 

• Information from the JTTFs also flows up to the NJTTF, which ensures that 
it is received by all entities across the federal and pertinent local governments, 
as well as other JTTFs. 

• In close coordination with DHS, the FBI works with the Information Sharing 
and Analysis Centers (ISACs) and members of the FBI’s InfraGard program. 
Both the ISACs and InfraGard were established to facilitate information shar- 
ing between industry and law enforcement and to alert industry to potential 
threats and capitalize on private industry knowledge to assess threat informa- 
tion. Today, the InfraGard Program consists of over 8,000 companies located in 
all 50 states, and serves as an important link between the FBI and the private 
sector. This link is used by the FBI to exchange information to help us defend 
against terrorist attacks, including cyber threats from home and abroad. It is 
a vital part of the FBI’s national strategy to prevent and disrupt terrorist activi- 
ties in the US. 

• The FBI Cyber Division investigates malicious computer intrusions and at- 
tacks on computers and networks, including attacks on networks that help con- 
trol critical infrastructure. We are working with DHS and the electrical power 
ISAC to preserve and analyze computer logs from electrical companies in con- 
nection with the recent blackout. 

The expansion of the FBI’s Counterterrorism Division has significantly enhanced 
our ability to uncover threats to infrastructure facilities. In addition to CT WATCH, 
the FBI has established new sections to analyze terrorist communications and finan- 
cial transactions for threat-related information, and we have more than quadrupled 
the number of analysts working on terrorism since September 11, 2001. 

The increase in the FBI’s resources devoted to terrorism, combined with the part- 
nerships with other federal agencies, state and local law enforcement, and industry, 
provides a defense in depth that brings together the strengths of law enforcement 
and intelligence to respond efficiently and quickly to threats. Since September 11, 
2001, the FBI has investigated more than 4,000 terrorist threats to the U.S. and 
the number of active FBI investigations into potential terrorist activity has quad- 
rupled since 9/11. 

No threat or investigative lead goes unanswered today. At Headquarters, in our 
field offices, and through our offices overseas, we run every lead to ground until we 
either find evidence of terrorist activity, which we pursue, or determine that the in- 
formation is not substantiated. While we have disrupted terrorist plots since 9/11, 
we remain constantly vigilant as a result of the ongoing nature of the threat. 

The Patriot Act is another change enhancing our ability to disrupt terrorist plots. 
The provisions of the Patriot Act allowing the freer flow of information between in- 
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telligence and law enforcement are essential to uncovering and foiling terrorist 
plots, and have allowed the FBI to fuse our law enforcement and intelligence mis- 
sions so as to enhance our preventive capabilities. These improved capabilities are 
conducted pursuant to constitutional standards and relevant guidelines, and, in my 
view, have made the country safer for all. For example, the ability to share intel- 
ligence and law enforcement information was essential to the success of the recent 
indictment of a suspected member of the Palestinian Islamic Jihad for conspiracy. 

• Given the potential to disrupt critical infrastructure via computer intrusion, 
the provision of the Act that allows law enforcement, with the permission of the 
system owner, to monitor computer trespassers is of particular note. This provi- 
sion puts cyber intruders on the same footing as physical intruders, and means 
that hacking victims can seek law enforcement assistance in much the same 
way as burglary victims can invite police officers into their homes to monitor 
and catch burglars. 

• The Patriot Act also bolsters the ban on providing material support to terror- 
ists by clearly making it a crime to provide terrorists with “expert advice or as- 
sistance” and clarifies that material support includes all forms of money. These 
provisions have made possible the arrest and prosecution of extremists across 
the country and have enabled the US Government to cut terrorist organizations 
off at the source. 

In summary, we have developed a comprehensive and robust mechanism to deter 
and disrupt potential terrorist attacks, including attacks on the electrical power 
grids of the country, and we are working on a 24/7 basis with our partners in law 
enforcement and the Intelligence Community to improve our preventive capabilities. 
Understanding that the number of critical infrastructure targets is so vast and fa- 
cilities spread so widely that no system can be perfect, the structure of private and 
government entities acting in coordination will also provide an effective response in 
the unfortunate event an attack occurs. 

Mr. Thornberry. [Presiding.] The Chair thanks both witnesses 
for their testimony. 

I might mention to members that Mr. Camp and I intend to keep 
the testimony going and trade off going back and forth to vote. We 
are going to try to do the best we can as far as calling on members 
generally in the order they came to the hearing but also asking 
your patience as we try to figure it out as people come and go dur- 
ing this series of procedural votes. 

I am going to submit any questions I have for this panel for the 
record and will not ask any questions at this time. 

[The information follows:] 

PREPARED STATEMENT OF THE HONORABLE CHRISTOPHER COX, A REP- 
RESENTATIVE IN CONGRESS FROM THE STATE OF CALIFORNIA, AND 

CHAIRMAN, SELECT COMMITTEE ON HOMELAND SECURITY, 

Good afternoon. I would like to thank the subcommittee chairmen and ranking 
members for taking the lead on this important examination of the lessons learned 
as a result of the recent power outages, and the effects the blackout had to related 
critical infrastructure around the country. 

I am especially pleased to welcome Ambassador Cofer Black, and FBI Executive 
Assistant Director Larry Mefford. Many of us know them as friends, colleagues, and 
dedicated public servants. I am particularly eager to hear from all of our witnesses 
their thoughts on the state of affairs for the protection of our national critical infra- 
structure. This is not the first hearing on these matters, and I am certain we will 
continue to explore the subject for years to come. The recent power outages on Au- 
gust 14, however, have given us a timely opportunity to revisit those things we al- 
ready know, to ask ourselves if we are as prepared as we can be for similar events, 
and to further examine what we would do in the event that something worse oc- 
curred. 

Initial review of the blackout tells us that it was not a terrorist event. Still, the 
Department of Energy and the North American Electric Reliability Council (NERC) 
have not completed their analysis of exactly what went wrong, and why. In our sec- 
ond part of this hearing on Sept. 17, hopefully the Department of Energy will have 
an answer for us. Until then, we can assume that our enemies took notice of the 
massive social and economic disruption the blackout caused. The blackout shutdown 
over 100 power plants, including 22 nuclear reactors, cutoff power for 50 million 
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people in eight states and Canada, including much of the Northeast corridor and 
the core of the American financial network, and showed just how vulnerable our 
tightly knit network of generators, transmission lines, and other critical infrastruc- 
ture is. 

Today, we seek to learn as much as possible about the interrelated nature of our 
critical infrastructure, the potential risks of physical as well as cyber-attacks on the 
infrastructure, and, quite literally, what happens when the lights go out. We are 
especially interested in the capabilities of our enemies to do us harm whether it be 
by blowing up a transformer station or by using the internet to disable our power 
grids. 

Cyber attacks are a real and growing threat. The problem of cyber-security is 
unique in its complexity and in its rapidly evolving character. Cyber attacks are dif- 
ferent from physical attacks since they can be launched from anywhere in the world 
and be routed through numerous intermediate computers. Cyber attacks require a 
different skill set to detect and counter, and are not limited to the risks posed from 
al-Quaida. They include threats posed by those criminals and hackers who are al- 
ready attacking our infrastructure for their own amusement or using it to steal in- 
formation and money. As the most information technology-dependent country in his- 
tory, we remain uniquely vulnerable to cyber attacks that can disrupt our economy 
or undermine our national security. 

The dependence of major infrastructural systems on the continued supply of elec- 
trical energy, and of oil and gas, is well recognized. Telecommunications, informa- 
tion technology, and the Internet, as well as food and water supplies, homes and 
worksites, are dependent on electricity; numerous commercial and transportation fa- 
cilities are also dependant on natural gas and refined oil products. Physical or cyber 
attacks can amplify the impact of physical attacks on this critical infrastructure, 
and diminish the effectiveness of emergency responses. 

We have all heard the reports that the 911 emergency systems in New York and 
Detroit failed during the blackout. New York City’s computer-aided dispatch system 
for its fire department and rescue squad crashed. Reportedly, the New York City 
Fire Department had to monitor its 12,000 plus fire fighters, EMTs, and fire mar- 
shals manually because its computer tracking system couldn’t boot up. Harlem’s 
sewage treatment plant shut down without power for its pump. Water systems in 
Cleveland and Detroit could not handle the drop in power. Ohio Governor Bob Taft 
declared a state of emergency in Cleveland after all four pumping stations that lift 
water out of Lake Erie went out and residents were ordered to boil their water for 
days. The beaches were off limits for swimming after a sewage discharge into Lake 
Erie and the Cuyahoga River sent bacteria levels soaring. 

As a group, the critical infrastructure sectors are backbone services for our na- 
tion’s economic engine and produced approximately 31% of the Gross Domestic Prod- 
uct (GDP) in the year 2000. The blackout rippled through the economy. Nearly all 
manufacturers in southeast Michigan ground to a halt with the blackout. More than 
50 assembly and other plants operated by General Motors Corp., Ford Motor Co., 
DaimlerChrysler, and Honda Motor Co. were idled by the cascading blackout. NOVA 
Chemicals shutdown plants in Pennsylvania, Ohio, and Ontario, Canada. Wallmart 
closed 200 stores in Canada and the United States. Marriott International saw 175 
of its hotels in the Northeast lose power at the height of the blackout, and seven 
oil refineries in the U.S. and Canada temporarily shut down, worsening an already 
tight gasoline supply situation. 

Hundreds of airline flights were cancelled. For many airports throughout the U.S. 
and Canada, the power failure has exposed the risk of fuel supply interruptions 
from electricity outages, since most hubs in North America are fed by pipeline sys- 
tems. Many airports were not closed because of air traffic problems but due to inop- 
erable systems on the ground. Tightened security measures established after 9-11 
could not be maintained as power was not available for baggage screening machines. 
Refueling of aircraft stopped as hydrant systems and fuel farms lacked power. 

The examples are endless, and experience shows us that the blackout is not alone 
in its capacity to disrupt the economy. The information super highway of the Inter- 
net has become a fast lane for computer viruses. A computer virus launched one 
morning can infect computers around the world in one day. The Slammer virus, 
launched in January of this year, reportedly infected 100,000 computers in its first 
ten minutes alone. Because of the SoBig computer virus, some rail routes of CSX 
were recently shut down on August 20, until a manual backup system started the 
trains running again. Without railroads to deliver coal, the nation loses 60 percent 
of the fuel used to generate electricity. Without electricity, fueling stations cannot 
pump fuel. Without diesel, the railroads will eventually stop running. When the rail- 
roads stopped running after 9/11 in order to guard hazardous materials, it only took 
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the city of Los Angeles two days to demand chlorine or face the threat of no drink- 
ing water — the railroads began operating again on the third day. 

We know that terrorists have assessed the possibility of attacking our nuclear 
power plants and our transportation system. Al-Qaida computers seized in Afghani- 
stan in 2001 had logged on to sites offering that offer software and programming 
instructions for the distributed control systems (DCS) and Supervisory-control and 
Data-acquisition (SCADA) systems that run power, water, transport and commu- 
nications grids. All critical infrastructure industries are becoming increasingly de- 
pendent on information management and internal telecommunications systems to 
control and maintain their operations. The U.S. Dept, of Commerce’s National Tele- 
communications & Information Administration (NTIA) published a study in January 
2002 that detailed the myriad of uses the internal wireless communications systems 
to meet essential operational, management and control functions including two-way 
emergency restoration and field communications, monitoring power transmission 
lines and oil and natural gas pipeline functions to instantaneously respond to 
downed transmission lines or changes in pipeline pressure; sending commands to 
various remote control switches; inspecting 230,000 miles of rail track; managing 
wastewater, processing drinking water, and protective relaying. 

SCADA systems could be attacked simply by overloading a system that, upon fail- 
ure, causes other systems operations to malfunction as well. While there is some 
debate about the ability of a terrorist to successfully launch a cyber attack against 
a SCADA system, there are several examples of people or groups who have tried. 

In March 2000 a disgruntled former municipal employee used the Internet, a 
wireless radio and stolen control software to release up to 1 million liters of sewage 
into the river and coastal waters of Queensland, Australia. 

Similarly, NERC reports that over the past two years, there have been a number 
of “cyber incidents that have or could have directly impacted the reliable operation 
of the bulk electric system,” including: 

• In January 2003, When the SQL/Slammer worm caused an electric utility 
company to lose control of their SCADA system for several hours, forcing the 
company operations staff to resort to manual operation of their transmission 
and generation assets until control could be restored. 

• In September 2001, the Nimda worm compromised the SCADA system of an 
electric utility, and then propagated itself to the internal project network of a 
major SCADA vendor via the vendor’s support communications circuit, dev- 
astating the vendor’s internal network and launching further attacks against 
the SCADA networks of the vendor’s other customers. 

More telling, perhaps, is a report issued in May 2002 by the Defense Depart- 
ment’s Critical Infrastructure Assurance Program (CIAP) claiming that there was 
evidence of a coordinated cyber reconnaissance effort directed against the critical as- 
sets of at least two electric utilities participating in the Defense Department spon- 
sored program. The report revealed that the probing appeared to come from the Peo- 
ple’s Republic of China, Hong Kong, and South Korea, with each probe building 
upon information previously garnered. 

The blackout is yet another wake-up call to our nation. It demonstrated the fra- 
gility of our electric transmission system, and reminds us of the interdependent na- 
ture of our infrastructure. Clearly, we need to encourage private industry and gov- 
ernment to raise the standards of cyber security, and to further enhance our infra- 
structure security against attack. 

We can take heart, however, from the system’s durability and our society’s resil- 
ience. The blackout caused major disruption and much inconvenience, but it did not 
cause terror. Our training and preparations since 9-11 are beginning to show posi- 
tive results. Keep in mind that power was restored within 48 hours to most of the 
effected areas. 

It is too soon to identify specific equipment, measures, and procedures that did 
or did not work as intended on August 14, but it is important to note that large 
parts of the Eastern Interconnection power grid did not suffer the blackout. Protec- 
tive relays within the distressed area operated to remove transmission lines, trans- 
formers, and generating units from service before they suffered physical damage, as 
designed. It was the action of those individual relays, operating to protect individual 
pieces of equipment, which eventually isolated the portion of the grid that collapsed 
from the remainder of the Eastern Interconnection. The fact that the equipment did 
not suffer physical damage is what made it possible to restore the system and serv- 
ice to customers as quickly as happened. 

Another factor in the successful restoration of power was the restoration plans 
themselves. Restoring a system from a blackout requires a very careful choreog- 
raphy of re-energizing transmission lines from generators that were still on line in- 
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side the blacked-out area as well as from systems from outside the blacked-out area, 
restoring station power to the off-line generating units so that they can be restarted, 
synchronizing those generators to the interconnection, and then constantly bal- 
ancing generation and demand as additional generating units and additional cus- 
tomer demands are restored to service. Many may not realize it takes days to bring 
nuclear and coal fired power plants back on-line. With those plants down, gas-fired 
plants normally used for peak periods were being used to cover baseload needs. The 
diversity of our energy systems proved invaluable. 

Can we do better? Of course we can. We must. It is the job of this Committee 
to help ensure that we do. 

I thank all our witnesses for being with us and look forward to your testimony. 

PREPARED STATEMENT OF THE HONORABLE JAMES LANGEVIN, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF RHODE ISLAND 

Thank you, Mr. Chairman. 

I would like to welcome our witnesses, and express my appreciation for your will- 
ingness to come here for what I hope will be a very enlightening and productive 
hearing. I look forward to hearing from these distinguished experts on our infra- 
structure and how we regard it. 

Mr. Chairman, it was with great expectation that we created the Department of 
Homeland Security and charged it with protecting us from terrorist threats and re- 
sponding to emergencies here at home. This means not just controlling the border 
or patrolling airports, but making sure that the infrastructure that is vital to the 
daily operation of the United States is protected. Our early fears focused on our 
water supplies, but as we have seen in the last two weeks, weaknesses in our elec- 
trical grid and our communications systems may hold even greater potential for ter- 
rorist exploitation. 

My concern is that we have not seen meaningful plans or progress from DHS in 
identifying critical infrastructure and existing risks. That step is critical before we 
can talk about how to protect it. This is a task DHS needs to be working on closely 
with local and state governments, though several states have decided to identify 
their critical infrastructure even without DHS support. I would like to hear from 
our panel what they believe the first steps should be for our national effort of infra- 
structure identification and protection and how they see DHS either leading or sup- 
porting the endeavor. 

Again, I greatly appreciate all of our guests taking time to be here to discuss this 
vital issue. 

PREPARED STATEMENT OF THE HONORABLE JIM TURNER, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS 

Thank you, Mr. Chairman. 

The August 14, 2003, blackout left nearly 50 million people from the Midwest to 
the Northeast without power. Our relief that the massive blackout of 2003 does not 
appear to have been the work of terrorists should not divert our attention from the 
core question raised by the blackout: Have we done enough since September 11th, 
2001 to protect our nation’s critical infrastructures from potential terrorist attack? 

Although there is no evidence that the blackout was caused by terrorism, this in- 
cident demonstrated that there are literally hundreds of thousands of potential tar- 
gets that terrorists could choose to strike. These include power systems, chemical 
and nuclear plants, commercial transportation and mass transit, skyscrapers, and 
sports and concert venues. In addition to physical assets, we also need to protect 
cvber assets. Recent computer disruptions have had unexpected consequences on nu- 
clear plants and other utilities. 

Eighty-five percent of our critical infrastructure assets are privately owned. We 
must, therefore, work in partnership with the private sector to improve our national 
security. But we can not rely too heavily on voluntary private action. Companies 
seeking to maximize profits simply are unlikely to have the economic incentives to 
voluntarily make the investments necessary to raise security levels to where they 
need to be. 

While there are many potential targets for terrorists, is there enough protection? 
Are our policies and initiatives equal to the urgency and gravity of the threats we 
face? I note that, with the two-year anniversary of September 11th approaching, we 
have not yet produced a comprehensive national threat and vulnerability assess- 
ment for our nation’s critical infrastructure, which is the starting point for a serious 
effort to improve homeland security. 

In the absence of sufficient action by critical infrastructure owners, we have a 
duty to take the initiative to protect the American people. The federal government 
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need not do so through the heavy hand of direct regulation. We must fully explore 
all the tools at our disposal. These can include targeted incentives or other assist- 
ance to owners of vulnerable critical infrastructure; higher standards for account- 
ability when it comes to protecting assets that are at risk; faster timelines for imple- 
menting better security measures; and only when it is absolutely necessary, man- 
dates and regulation. 

Displaying stronger federal leadership to better protect critical infrastructure 
should not be viewed as undue interference, but rather the exercise of our constitu- 
tional duty to provide for the common defense of our nation. 

Today, we face many threats to our country and our way of life. Our reaction to 
the blackout cannot be limited to seeking improvements in our electricity grid. This 
episode should be a wake-up call that we remain extremely vulnerable as a nation 
and that our governments at all levels, together with the private sector, must do 
more to increase the security of our critical infrastructures against potential ter- 
rorist attacks. 

I want to thank the distinguished panel for appearing before us today. I look for- 
ward to your testimony as we seek to understand what progress we have made — 
and need to make — in increasing the security of all of our critical infrastructures. 

Mr. Thornberry. I would yield to the gentlelady from California, 
ranking member of the Border Subcommittee, if she has any ques- 
tions for this panel. 

Ms. Sanchez. Thank you, Mr. Chairman. 

I actually just had one question of Mr. Black, and that is the 
whole issue — one of the reasons we have called this with respect 
to the power blackouts that we had obviously in the metropolitan 
area of the Northeast. I know that you spoke broadly to us about 
the tri-state area and South America and other issues. In par- 
ticular, have you had any particular instances where you have ac- 
tually heard of terrorist groups or cells really — from the outside 
really taking a look at penetrating our grids here in the United 
States? 

Mr. Black. We do know from intelligence collection activities of 
the U.S. Intelligence Community as well as great work done by law 
enforcement to give the FBI — these efforts have resulted in the 
identification of the objectives of a lot of these terrorist groups, par- 
ticularly like the al Qaeda organization; and the essence of it is to 
attempt to stage large-scale attacks and, ideally, multiple attacks 
at the same time to create a lot of damage. 

We do know that they look aggressively across the spectrum of 
potential targets to select those targets that they think they can 
work towards and achieve successfully as well as keep in mind that 
there is an active effort to identify their operatives and their oper- 
ational activity. 

Essentially, so far most of their effort has been to attempt to kill 
lots of people; and that is sort of the established modus operandi 
of terrorist groups, primarily using explosives, but we do know that 
some terrorist groups are branching out and looking at other poten- 
tial target sets. This would include electrical systems of countries 
and potential targets. 

But I am unaware at this point of a significant emphasis at this 
time on the electrical grid although they are always looking for 
vulnerabilities and they certainly will be aware if this event hap- 
pened in the United States and see if there are any potential les- 
sons learned that they can employ in potential future attack sce- 
narios. 

Ms. Sanchez. Because of the interest of time and because I still 
have to go over and vote, I have one last question. You may not 
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know the answer to this. I might have to go and ask somebody else. 
But I notice in the blackout that we had with respect to the North- 
west that, in fact, Canada was included in some of those outages. 
I am from California. During our problems in California we were 
looking towards Mexico to see if we could get electricity up to our 
grid up from that area. The fact of the matter was that we are not 
connected with respect to our infrastructure grid down into Mexico. 
My question would be — if either one of you would be able to answer 
it and if not I will go look for another source — does that make us 
more vulnerable if in fact we are tied into an infrastructure that 
crosses a sovereign line? 

Mr. Black. Well, I would be prepared fully to defer to my close 
FBI colleague on this. I think that question perhaps more appro- 
priately should be addressed to the Department of Homeland Secu- 
rity officials and other people in the industry. It is a little technical 
I think at this stage, certainly for me. 

Mr. Mefford. I would concur with that. 

Ms. Sanchez. Okay. Thank you both, gentlemen. 

Thank you, Mr. Chairman. 

Mr. Thornberry. Thank the gentlelady. 

Does Chairman Cox have questions for this panel? 

Mr. Cox. Thank you, Mr. Chairman. 

Mr. Mefford, first, thank you for being here. Mr. Black as well. 
Thank you very much for helping us with these difficult issues 
today. 

In your past career, Mr. Mefford, you have been involved with 
setting up the FBI’s cyberefforts. Let me ask both of you — and di- 
rect my question first to you because you might have come across 
this in your previous work — in the blackouts that we experienced 
in August, tripping mechanisms, at least to the extent that the sys- 
tem functioned as we expected, shut down generating capacity. Is 
it possible for those tripping mechanisms which are automated to 
be triggered intentionally from the outside through cyber means? 

Mr. Mefford. That is a good question. I, unfortunately, would 
have to defer to the experts on that because I am not educated to 
the degree that I think I could give you a serious answer. 

Mr. Cox. Mr. Black, do you happen to know? 

Mr. Black. Unfortunately, sir, I am unable to answer that also. 
I would have to refer that to an expert. 

Mr. Cox. Second, according to the Congressional Research Serv- 
ice, one of the means of protection that we have in our industrial 
utilities, in particular the electrical power generating industry, and 
transmission is, ironically, the wide variety of legacy codes that are 
employed, a lot of different instructions, a lot of different systems 
that are unfamiliar to modern day hackers. Do we run the risk in- 
evitably when we modernize these facilities to make sure that we 
have the capacity that we need of updating everything for the con- 
venience of hackers? 

Mr. Mefford. Again, that is another excellent question; and I 
don’t have the technical expertise personally to answer that. I 
mean, clearly that is a danger. 

Mr. Cox. Mr. Black, anything? 

Mr. Black. Unfortunately, nor do I, sir. 
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Mr. Cox. Well, I think that at least embedded in the problem is 
the potential solution, which is, if we are unwittingly the bene- 
ficiaries of a wide variety of different command instruction proto- 
cols, possibly when we update this critical infrastructure we can 
take care not to make it all homogenous but to make sure there 
is a wide variety in there that will serve as another means of foil- 
ing attacks. 

Mr. Chairman, since there is a vote on the floor, I yield back. 

Mr. Thornberry. Thank the chairman. Does the Gentleman 
from Texas, Ranking Member, wish to ask questions of this panel? 

Mr. Turner. Thank you, Mr. Chairman. 

The main subject, of course, that you have addressed here today 
is the issue of the blackouts that we saw in August. To me, the 
main message for this committee flowing from that incident was to 
remind us once again how vulnerable we are; and the 
vulnerabilities of the power grid seems to me to be one of many po- 
tential vulnerabilities in our critical infrastructure. I don’t know if, 
Mr. Mefford, you can answer this or not, or Mr. Black, but have 
either of you ever seen produced by the Department of Homeland 
Security or any other agency of the Federal Government a list in 
terms of priorities of protecting our critical infrastructure? 

Mr. Mefford. I have not. I understand that there is something 
in process — in progress at this point, but I have not personally seen 
that. 

Mr. Black. I have not seen it either, Congressman, but I under- 
stand that was one of the key reasons for the establishment of the 
Department of Homeland Security, to identify these vulnerabilities, 
so I am confident they are working on it. But, again, I think that 
question should be addressed to their representative, sir. 

Mr. Turner. Ambassador, you are correct. That is one of the 
principal responsibilities of the new Department of Homeland Se- 
curity: to survey and assess our critical infrastructure, to deter- 
mine our vulnerabilities, to assess the threats, and to match those 
threats, against those vulnerabilities and come up with a list of pri- 
orities for hardening our critical assets and making our country 
more secure and safer. In the absence of that, it seems that we will 
have a very difficult time knowing what our priorities should be 
and knowing where we should spend our limited dollars. 

I know from your perspective, Ambassador, you, of course, are 
looking at the issue of terrorism from the international perspective. 
Do you feel that we are sufficiently providing information to the 
various agencies of the government regarding the intelligence that 
is available out there worldwide that we collect to allow the De- 
partment or the FBI or any other agency to really understand 
clearly what the current state of threats is at any given time? 

Mr. Black. I think that is always a challenge, but I will say, 
Congressman, that certainly in the period since 9/11 there has been 
a tremendous intensification on this exact issue, with the United 
States playing a very key role in the constellation of nations that 
includes virtually every nation in the world except for a handful. 
And the objective is the effective and timely exchange of threat in- 
formation and intelligence information. Both the American Intel- 
ligence Community and the U.S. law enforcement — I will turn to 
my colleague from the Bureau — are key in this. 
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The State Department’s role would be referred to as the first 
among equals. It is our duty and our responsibility to facilitate this 
process, to enable the Intelligence Community and law enforce- 
ment, the military and the economic units in the United States to 
exchange information effectively with their foreign counterparts. 
Our job is to facilitate that process. I think we have made tremen- 
dous strides, truly. It may even be in sort of historical proportions. 
But I think there is a lot left to do. I think that everyone in the 
United States involved in this, as well as our foreign counterparts 
sees this as the objective, to have transparency and a timely ex- 
change of intelligence and threat information. And I think the 
progress to date has been exceptionally good. 

Mr. Mefford. I concur with that view. From the FBI’s perspec- 
tive we have made very significant progress in information sharing 
and analysis; and while it is not perfect, we are clearly headed in 
the right direction. 

Mr. Turner. Mr. Mefford, from your vantage point, do you have 
a sense for what is the most critical need for protecting critical in- 
frastructure? We saw the failure of the power grid, as you said, not 
resulting from terrorism. But do you have any opinions regarding 
what portion of our infrastructure — in the absence of a clear delin- 
eation of vulnerabilities by the Department of Homeland Security — 
do you see any particular sector that, from your experience in ob- 
serving the intelligence, would be most critical for us to be con- 
cerned about currently? 

Mr. Mefford. I think if you look at the comprehensive intel- 
ligence environment, unfortunately, al Qaeda and groups such as 
al Qaeda have looked at and considered a variety of potential tar- 
gets. We know that based on the analysis of information available 
to us, and it is across the board in a variety of infrastructures. So 
I am really not in a position to say that one is more than the other. 

But, obviously, based on what we saw in 2001, the aviation and 
transportation industry is something of concern. We know that the 
Ambassador has mentioned previously in his remarks that certain 
terrorist groups like al Qaeda have talked about and focused on 
electrical power grids, for instance. But we haven’t seen any spe- 
cific or credible threats to date. So it is difficult for us at this point. 
Some of that is based on the nature of intelligence work inherently, 
that it is very difficult to get clear, precise pictures at various times 
and space. But I think we are making progress. Working with 
Homeland Security I think we will be able to fine-tune our efforts 
and improve efficiencies in the future. 

Mr. Turner. Thanks to both of you for being here with us today, 
and thank you for your service to our country. 

Mr. Black. Thank you, sir. 

Mr. Camp. [Presiding.] Thank you. 

Mr. Weldon, any inquiry? 

Mr. Weldon. Thank you, Mr. Chairman. Thank you both for 
being here. Two questions. 

Number one, last week, the Canadian news reported that there 
had been arrests of individuals with suspected terrorist ties who 
were flying planes and casing out a nuclear power plant in Canada; 
and my concern is that several months ago I shared some informa- 
tion with the Intelligence Community relative to an alleged threat 
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on a nuclear site in America with the first three letters of SEA 
which could be the Hanford site in Seattle or the Seabrook site in 
New Hampshire. These arrests troubled me greatly last week, and 
so I would ask the question, are we aware of any intelligence that 
has been brought forward indicating that perhaps a site — a nuclear 
site in America may in fact be the target of either al Qaeda or 
other terrorist networks and are you aware of the arrests in Can- 
ada? 

Mr. Mefford. Yes, sir, we are aware of the arrests in Canada. 
We are working with our counterparts in Canada to address those 
issues. We are told, frankly, that there are no links to al Qaeda 
that have been uncovered to date and there are no specific threats 
against nuclear power plants, particularly no threats to power 
plants in the United States. But we continue to work with our al- 
lies north of us on a constant basis. 

Mr. Weldon. Thank you. 

Second line of questioning is, I happen to think, as a 17-year- 
member of the Armed Services Committee, now vice chairman, that 
the greatest threat to our Homeland Security in terms of both our 
energy supply and our electronics would be from a deliberate 
laydown of electromagnetic pulse. There wasn’t much attention 
given to this certainly in this book. It is mentioned in one page and 
by people in my opinion who are responsible for protecting our in- 
frastructure to the vulnerability of America to electromagnetic 
pulse. We on the Armed Services Committee put together a task 
force which is chaired by an ambassador that has been looking at 
our vulnerability to EMP. 

One, have either of your agencies had any interaction and, if so, 
to what extent with the EMP Commission that has now been in 
force for about year? 

And, Mr. Chairman, I would like to ask this question of every 
other witness before us. My feeling is that perhaps the answer will 
be for most of the witnesses they have had no interaction with the 
EMP Commission. But I will ask these two gentlemen. Have you 
had any direction interaction with the EMP Commission? 

Mr. Black. I personally have not. That is not to say that others 
in the State Department may have. I just do not know, sir. 

Mr. Mefford. I think my answer would be the same to that. 

Mr. Weldon. Mr. Chairman, this to me is the greatest threat. 
Because, as you well know, all you would need would be a low-yield 
nuclear weapon, which we now know that North Korea has and 
Iran is trying to obtain, and the ability to put it up into the atmos- 
phere, which we know that both Iran and North Korea have, a low- 
complexity missile; and by detonating that low-yield nuclear weap- 
on off of the coast in the atmosphere the EMP laydown would fry 
all the electronic components within a given range within the U.S. 
In fact, our military has tested this type of capability in the past. 

In testimony before the Armed Services Committee, we have not 
hardened our systems. Only our ICBM system is hardened, and al- 
most the entirety of our energy complex in America would be vul- 
nerable to any EMP laydown. I would ask each of you to comment 
whether or not you have had contact with the Commission. What 
is your assessment of the EMP threat to America and to our infra- 
structure? 



22 


Mr. Mefford. I would have to defer to the technical experts in 
the FBI. I don’t have that knowledge personally. 

Mr. Black. I would have to share that answer, sir. 

Mr. Weldon. Mr. Chairman, I would also suggest that at some 
point in time we invite the board of the EMP Commission in before 
this committee; and I would hope that every witness before us 
here — because these are the utility companies, all of which would 
be rendered useless if any EMP laydown occurred, none of which 
I will tell you right now before they testify are hardened to deal 
with an electromagnetic pulse attack. 

[The information follows:] 
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has come to create a central national level entity t: n acquire, fuse 

a from many agencies in order to support the polic er in taking 
m terrorism, proliferation, illegal technology diver; espionage, 
arfare and cyberterrorism. These challenges are bej • ig to overlap, 
tinction while posing increasing threats to our Nat 


•.tion to counter these emerging threats, we must fi ierstand their 
;r, their patterns, the people and countries involve. the level of 

n. The Department of Defense has a un; \\x oppc to create a 

ir that can do this for the country. It would be pattc : fiter the Army’s 
re Activity (LIWA) at Fort Belvoir, but would operate c . i a much broader 
allow for near-time information and analysis to fh : a central fusion 


signate the National Operations Analysis Hub (NO I think this 
will be provide a central hub built to protect our na rom the flood of 


i wc oe comprised of a system of agency-specified mini -a , or “pods” of 

participating agencies and services associated with growing national security concerns 
(attachment 1). NOAH would link the policymaker with action recommendations derived from 
fused information provided by the individual pods. NOAH would provide the automation and 
' * to all '' - pods to talk together, share data and perspectives r • r ^iven situation in 
c r-based environment. 
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Agencies Represented in the 
National Collaborative Center 


. Central Intelligence Agency. 

. Defense Intelligence Agency. 

. National Imagery and Mapping Agency 
. National Security Agency 
. National Reconnaissance Office 
. Defense Threat Reduction Agency 
. Joint Chiefs of Staff 
. Army/LIWA 
. Air Force 
. Navy 

. Marine Corps 

. Joint Counter-Intelligence Assessment Group 

. ONDCP 

.FBI 

. Drug Enforcement Agency 
. U.S. Customs 

. National Criminal Investigative Service 
. National Infrastructure Protection Center 
. Defense Information Systems Agency 

. State Department 
. Five CINCs 
. Department of Energy 
. Department of Commerce 
. Department of the Treasury 
. Justice Department 
. Office of the Secretary of Defense 
. National Military Command Center 
. National Joint Military Intelligence Command 

Elements to be connected to the national collaborative center would 
include the White House Situation Room, a Congressional Virtual 
Hearing Room and a possible redundant, or back-up site. 
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Along with its system of connected agency pod sites, NOAH would permit the display of 
collaborative threat profiling and analytical assessments on a large screen. It would be a national 
level operations and control center with a mission to intergrate various imagery, data and 
analytical viewpoints for decision-makers in support of national actions. I see NOAH as going 
beyond the capability of the National Military Command Center (NMCC) and the National Joint 
Military' Intelligence Command (NJMIC), providing recommended courses of action that allow 
us to effectively meet those emerging challenges from asymmetrical threats in near real-time. 
Given its mission, i believe that NOAH should reside in the Office of the Secretary of Defense 
(Attachment 2). 


I am aware of the initiative to link counterintelligence groups throughout the community. 

1 am also aware of the counterterrorism center at (he CIA, the new National Infrastructure 
Protection Center at the FBI, and a new HUMINT special operations center. I have heard of an 
attempt to connect the Office of Drug Control Policy (ONDCP) and OSD assets with federal, 
state and local law enforcement agencies. I also have seen what the Army has done at LIWA, 
which has created a foundation for creating a higher-level architecture collaborating all of these 
efforts. Each of these independent efforts needs to be coordinated at the national level. I believe 
LIWA has created a model that should be used as a basis for creating the participating agency 
pod sites. 

I do not expect that establishment of NOAH should exceed $10 million. Each agency 
involved could set up its own pod to connect with the central NOAH site or to exchange data 
with any of its participants. Each agency could dedicate monies to establish their own pod site, 
while the $50 million available in DARPA for related work could be used to establish the NOAH 
structure immediately. 


The NOAH concept of a national collaborative environment supporting policy and 
decision-makers mirrors the ideas you have expressed to me in recent discussions, and it is a 
tangible way to confront the growing assymetricai threats to our nation. I have a number of ideas 
regarding staffing options and industry collaboration, and would appreciate the opportunity to 
discuss them with you. Thank you for your consideration. I^ok forward to hearing from you at 
your earliest convenience. 




CURT WELDON 
Member of Congress 
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National Operations and Analysis Hub 
(NOAH) 


The Challenge 

• The United States continues to rely upon decades-old approaches in dealing with 
threats to our national security. It is time to consider new approaches beyond those 
developed in the 1950s if we are to successfully meet the challenges and issues 
facing us in the 21st century. 

• This new approach supports the needs of the nation's policymakers, military 
commanders, and law enforcement agencies in taking action against asymmetrical 
threats such as terrorism, proliferation, illegal technology diversions transfers, 
espionage, narcotics, information warfare and cyberterrorism. 

• The challenges facing policymakers, the military, and various law enforcement 
agencies are beginning to overlap, blurring their distinction and jurisdiction while 
posing an increasing threat to our nation, both domestically and internationally. 

Addressing the Threat 

• Numerous federal agencies continue their efforts to deal with these threats, often 
separate and distinct from the work of other agencies. This presents a serious 
problem because agencies often fail to share or bring together vital information that 
can assist in a timely solution. 

• We don't need another analytical center. Instead, we need a national level “fusion 
center” that can take already analyzed data and offer courses of action for 
decision-making. 

• On July 30, 1999 I wrote Deputy Secretary of Defense Hamre on the need for such 
a central national-level entity - the National Operations Analysis Hub. 

• This central national-level hub would be comprised of a system of agency-specified 
mini-centers, or “pods,” of participating agencies and services associated with grow- 
ing national security concerns. In all, some 33 such agencies would initially partici- 
pate. 

• Patterned after the Army's Land Information Warfare Activity center at Fort Belvoir, 
NOAH would display collaborative threat profiling and analytical assessments. With 
the aid of a variety of electronic tools, it would integrate various imagery, data, and 
analytical viewpoints for decisionmakers in support of national actions. 
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Benefits 


For national policymakers, such a national collaborative environment offers situation 
updates across a variety of issues and offers suggested courses of action — based 
on analysis — to help government officials make more informed decisions. 

For the intelligence community, a national collaborative center such as NOAH will 
help end stovepiping and create more robust strategic analyses as well as near-real- 
time support to field operations. 

For law enforcement, such a national-level center provides investigative and threat 
profiling support, and field station situational awareness. 

For military commanders and planners, the national-level center offers full battlefield 
visualization, threat profiling, robust situational awareness, as well as near real-time 
support to special missions such as peacekeeping, humanitarian aid, national 
emergencies or special operations. 
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Defense Information and 
Electronics Report 


an exclusive weekly newsletter on defense information and electronic warfare programs, 
procurement and policymaking from the publishers of Inside the Pentagon 

Vol. 4, No. 45, November 12, 1999 


Industry worried administration may waver RUSSIAN DELEGATION 

LAWMAKERS WEIGH IN AGAINST PROPOSED DOESN'T SHOW FOR 

ENCRYPTION REGULATIONS YEAR 2000 TALKS 


Concerned that the Clinton ftdministratbu may be moving away from 
earlier pledges to liberalize encryption export policy rules, lawmakers on 
both sides of the aisle criticized fee administration &i$ week for seeking to 
narrowly write new regulations governing the foreign sale of encryption 
technology. House members were responding to industry groups who say 
White House officials have shown signs of “backsliding* during recent 

continued on page 13 


Pentagon Intel officials mulling similar plan 
WELDON: DOD NEEDS MASSIVE INTELLIGENCE 

NETWORK FOR SHARED THREAT fNFO 


Senior Pentagon officials are mulling over an idea proposed by Rep. 
Curt Weldon (R-PA) that would link classified and unclassified documents 
in a massive Intelligence clearinghouse that could be accessed by 33 
federal agencies — a concept similar In some ways to one floated by DOD 
Intelligence officials but with significantly fewer player* involved. 

“Our problem with intelligence is that we're stove-pipped,” said 


continued on page 22 


PISA undertakes ‘aggressive action Plan' 

DEFENSE DEPARTMENT STRUGGLES TO KEEP UP 
WITH BANDWIDTH DEMANDS 


A receaf growth spurt tn the mllitaty'i Internet speed and connectivity 
requirements has left the Defease Information Systems Agency struggling 
to keep up with demands from the services while contending with local 
carriers backlogged with bandwidth erda* — a dilemma DISA it answer- 
ing through an “aggressive action plan" to protea DOD’s future network- 
ing needs. 

continued on page 23 


Russian officials this week did not 
show tip for scheduled discussions on 
solution* to die Year 2000 computer 
problem and future information technol- 
ogy management issues, according to 
defense and congressional sources- 
After Pentagon officials cleared 
schedules to arrange for tours, confer- 
ences and meetings, as well as hotel 
rooms and dinners for the small Russian 
delegation, defense officials were 
suinned when they didn’t show on Nov. 

8 for two days of meetings. 

“Wc don’t know why," said a DOD 
Y2K spokesman, adding that phone calls 
to the Russians were made in vain 
because of a nation al holiday In Russia. 
“No one knows yet" 

Talks were originally scheduled to 
begin Oct. 11 but were pushed back 
several weeks doc to scheduling con- 
flicts “as a result of other Y2K coopera- 
tive effort* with the Russian Federation/' 
according to an Oct. 6 letter from DOD’s 
Y2K. Outreach Program. Calling the 
proposed cooperative effort the Informa- 
tion Technology Management woridng 
group, DOD saggested last 
September to continue addressing the 

continued on page 21 









run INTEL NETWORK UNLIKELY . . . begins on page one 

Weldon, chairman of the House Armed Services military research end development subcommittee, during a Nov. s 
interview. “Each agency has its own way of collecting data and analyzing it, but they don't share that Informa- 
tion with other agencies. The need Is to have a better system of analyzing and fusing data sets across agencies 
and services - certainly within the Pentagon and the military, but my opinion is that we have to go further than 
that” • -*• 

Weldon first proposed tbs concept of a “National Operations Analysis Hub" to Deputy Defense Secretary John 
Hamrc last July, although the congressman said he kept his initiative quiet tmtil a stronger pirn could be developed. 

The Pentagon-fuockd network of agencies would be operated by DOD. According to Weldon, it would pull 
together large amounts of information to produce intelligence profiles of people, regions and national security 
threats, such as information warfare and cyber-terrorism, 

“The NOAH concept of a national collaborative eoviroament supporting policy and decision-makers mirrors 
die ideas you have expressed to me ia recent discussions, and it is a tangible way to confront the growing asym- 
metrical threats to our nation," Weldon wrote in bis July 30 letter to Harare. 

The NOAH concept, however, wm not wholeheartedly embraced by Hamrc, who met with Weldoa last 
summer and told the txxigrcssmau his suggested use of the Army’s Land Information Warfare Activity at Ft. 

Be l voir, VA, as a model for NOAH, would never stick. 

Because Lrwx is already short of resources, tbc Army is apprehensive about taking on any new tasks, Harare 
told Weldoa. 

Weldon, la a iuly 21 letter to Hamrc, also urged the Pentagon to support additional future funding for UWA, 
citing critical budget shortfalls that he »aid have kept the agency from MfiUing • barrage of requests for intelligence 
files from Army commanders (Defense Information and Electronics Report, July 30, pi). 

"There** massive amounts of data out there, and you have to be able to analyze hind create ways to foew.oo 
that data *o Its relevant to whatever you’re fattxcstwi in,** he said this week about hts support forLIWA. "Well, the 
Army has already done that." 

White Weldoa continues to push far NOAH to be patterned after UWA, he sees It operating on a much larger 
soak. Impressed by Its ability to puU together huge amounts of both unclassified and classified data, Weldon noted 
LlWA's Information Dominance Center can create in -depth pro files that could be useful to the CIA, F BI and the 
White House. Yet most federal agencies don't even know LIWA exists, he added. 

“Right now the military is limited to {its] own soarces of information," Weldon said. "And in the 21st 
century, a terrorist group is more than likely going to be involved with terrorist nations. So the boundaries arc 
crossed all the time. We don’t have any way to share that and get beyond the stove- pipping” 

Meanwhile, officials within the Defense Department's intelligence community have been considering another 
way to amass tnteHigcaee information through a concept called the Jofct Coanter-mtefii^cncc Assessment Group. A 
DDD 6*x?kcswom&a said proponents of trie Idea, for now, are unwilling to disclose details about it. She was also 
unable to say whether a formal proposal to Harare had been made yet. 

In Weldon’s July 30 letter to Hamrc, however, Weldon alludes to an ongoing “initiative to link counterintelli- 
gence groups throughout tbc community.” 

“I have heard of au attempt to connect the Office of Drug Control Policy (ONDCP) and [Office of the Secretary 
of Defense} assets with federal, state and local law enforcement agencies,” Weldon wrote. 

However, Weldoa said in the interview he believes JCAG is simply more “stove-pipping.” 

“I also have seen what the Army has done at LIWA, which has created a foundation for creating a higher-level 
architecture collaborating all of these efforts," his July letter states. 

NOAH would link together almost every federal agency wi& intelligence capabilities. Including the National 
Security Agency, the National Imagery and Mapping Agency, the Energy Department, the CIA and the FBI. Beth 
Congress and tbc White House would be offered a “node" for briefing capabilities, meftraag Intelligence agencies 
could detail iJtoatkms on terrorist attacks or wartime scenarios. 

"It’s mainly fbrpclicymakeni, the White House dedsloamakere, the State Department, military, and military 
leaders " he said- 

AMuxigh lnfbrraatioa-«haring among the Intefligeoce community has yet to be formalized through NOAH or 
ICAG or a similar system, military officials have said titey need same kind of linked access capability. 

Intelligence systems need to be iocbxdcd within the Globe! Information Grid — the military's vision of a future 
global network tlxat could be accessed from anywhere In the world, said Brig. Gen. Marilyn Quagliotti, vice director 
of the Joint StafFc command, control, communications and computers directorate, during a Nov. S speech on 
Infotmatioa assurance atncoaference in Arlington, VA 

"We iwed a more integrated strategy, {ocfcsdzog help from [the Joint Safi 1 * intelligence dxrectorate] wifri 
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1 SEC. 903. REVISED JOINT REPORT ON ESTABLISHMENT OF 

2 NATIONAL COLLABORATIVE INFORMATION 

3 ANALYSIS CAPABILITY. 

4 (a) Revised Report. — At the same time as the sub- 

5 mission of the budget- for fiscal year 2003 under section 

6 1105 of title 31, United States Code, the Secretary of De- 

7 fense and the Director of Central Intelligence shall submit 

8 to the congressional defense committees and the congres- 

9 sional intelligence committees a revised report assessing al~ 

10 tematives for the establishment of a national collaborative 

1 1 information analysis capability. 

12 (b) Matters Included. — The revised report shall 

13 cover the same matters required to be included in the DOD/ 

14 CIA report, except that the alternative architectures assessed 

15 in the revised report shall be limited to architectures that 

16 include the participation of all Federal agencies involved 

17 in the collection of intelligence. The revised report shall also 

1 8 include a draft of legislation sufficient to carry out the pre- 

19 f erred architecture identified in the revised report. 

20 (c) Officials To Be Consulted. — The revised re- 

21 port shall be prepared after consultation with all appro- 

22 priate Federal officials, including the following: 

23 (1) The Secretary of the Treasury. 

24 (2) The Secretary of Commerce. 

25 (3) The Secretary of State. 

26 (4) The Attorney General. 


•HR 2586 RH 
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1 of an Office of Transformation within the Office of the Sec- 

2 re-tary of Defense to advise the Secretary on— 

3 (1) development of force transformation strate- 

4 gies to ensure that the military of the future is pre- 

5 pared to dissuade potential military competitors and, 

6 if that fails, to fight and win decisively across the 

7 spectrum of future conflict; 

8 (2) ensuring a continuous and broadly focused 

9 transformation process; 

10 (3) service and joint acquisition and experimen- 

11 tation efforts, funding for experimentation efforts, 

12 promising operational concepts and technologies, and 

13 other transformation activities, as appropriate; and 

14 (4) development of service and joint operational 

15 concepts, transformation implementation strategies, 

16 and risk management strategies. 

17 (c) Sense of Congress on Funding. — It is the sense 

18 of Congress that the Secretary of Defense should consider 

19 providing funding adequate for sponsoring selective proto- 

20 typing efforts, wargames, and studies and analyses and for 

21 appropriate staffing, as recommended by the director of an 

22 Office of Transformation as described in subsection (b). 
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INTELLIGENCE 


Fusion Center Concept Takes Root 
As Congressional Interest Waxes 

Army’s Land Warfare Information Activity provides 
model of profiling approaches to meet new hazards. 


C reation of a national operations and analysis hub 
is finding grudging acceptance among senior offi- 
cials in the U.S. national security community. 
This fresh intelligence mechanism would link 
federal agencies to provide instant collaborative threat pro- 
filing and analytical assessments for use against asymmetri- 
cal threats. National policy makers, military commanders 
and law enforcement agencies would be beneficiaries of the 
hub’s information. 


Prodded by a resolute seven-term Pennsylvania congress- 
man and reminded by recent terrorist and cyberthreat activi- 
ties, the U.S. Defense Department is rethinking its earlier 
aversion to the idea, and resistance is beginning to crumble. 
Funding to establish the national operations and analysis 
hub (NOAH), which would link 28 federal agencies, is 
anticipated as a congressional add-on in the Defense 
Department’s new budget. An initial $10 million in funding 
is likely in fiscal year 2001 from identified research and 
development accounts'. 

Spearheading the formation of NOAH is Rep. Curt 
Weldon (R-PA), chairman of the U.S. House of 
Representatives National Security Committee’s military 
research and development subcommittee. He emphasizes 
that challenges facing U.S. leaders are beginning to overlap, 
blurring distinction and jurisdiction. “The increasing danger 
is both domestic and international.” 

Conceptually, NOAH would become a national-level oper- 
ations and control center with a mission to integrate various 
imagery, data and analytical viewpoints. The intelligence 
products would support U.S. actions. “I see NOAH as going 
beyond the capability of the National Military Command 
Center and the National Joint Military Intelligence 
Command. NOAH would provide recommended courses of 
action that allow the U.S. to effectively meet emerging chal- 
lenges in near real time,” the congressman illustrates. 

This centra] national-level hub would be composed of a 
.system of agency-specified mini centers, or ‘pods,’ of par- 
ticipating agencies and services associated with growing 
national security concerns,” Weldon reports^' ^NOAH yvjouid 
Jink the pplicy maker with action recommeh<mUoiw'’denyed 
from fused information provided by die;'ihdiyidual;pod.” 
Automation and connectivity would allow, the pods, to talk 
to each other in a computer-based environniept data 

and pors^ctiyes pa a given situation.. ;• • 

The congressman believes that 
Within .tne Defense Department and, is. hub’s 

concept on a U.S. Army organization he clospiyifoilqws; He 


says the idea for NOAH comes from officials in several fed- 
eral agencies. However, it is also based on his own experi- 
ences with the U.S. Army's Intelligence and Security 
Command’s (INSCOM’s) Land Warfare Information 
Activity (LIWA) and Information Dominance Center, Fort 
Belvoir, Virginia. 

Patterned after LIWA ( SIGNAL , March, page 31), NOAH 
would display collaborative threat profiling and analysis. 



Rep. Curt Weldon (R^PA), chairman of the U.S. House of 
Representatives National Security Committee's military 
research arid development subcommittee, displays a 
Russian laser gyroscope and an accelerometer 
intertepted etirOUte to Imq.The ballistic missile 
guidancdpackage ls from a Russian SS-N-19 submarine 
launihed hrlssUe. Transfened at least three times to hide 
tn6 snlpment, the, guidance package was sold with the 
knoyiedge of Russian officials, which Is, a violation of 
the f/itematfopal Mlssfla Technology Control Regime. 
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With the aid of a variety of electronic tools, the hub would 
support national actions, Weldon discloses. 

The congressman is conscious of other initiatives such as 
linking counterintelligence groups throughout the commu- 
nity. He also is aware of the Central Intelligence Agency's 
(CIA’s) counterterrorism center, the Federal Bureau' of*" 
Investigation's (FBI’s) National Infrastructure Protection 
Center and a new human intelligence (HUM1NT) special 
operations center. “We don’t need another analytical center. 
Instead, we need a national-level fusion center that can take 
already analyzed data and offer courses of action for deci- 
sion making," he insists. 

Weldon’s wide experience in dealing with officials from 
the FBI, CIA and the National Security Agency (NS A) con- 
vince him that policy makers are continuing to work in a 
vacuum. “Briefings and testimonies are the primary vehi- 
cles for transmitting information to leaders. The volume of 
information germane to national security issues is expand- 
ing so rapidly that policy makers are overwhelmed with 
data,’’ he claims. 

Robust situational awareness of asymmetric threats to 
national security is a key in assisting leaders, Weldon 
observes. "Policy makers need an overarching information 
and intelligence architecture that will quickly assimilate, 
analyze and display assessments and recommend courses of 
action for many simultaneous national emergencies," he 
declares. The concept of NOAH also calls for virtual com- 
munications among policy makers. 

Weldon’s plan is for White House, Congress, Pentagon 
and agency-level leaders each to have a center where they 
receive, send, share and collaborate on assessments before 
they act. He calls NOAH the policy maker’s tool. In the col- 
laborative environment, the hub would provide a multi- 
issue, multiagency hybrid picture to the White House situa- 
tion room and the Joint Chiefs of Staff. 

NOAH’s concept also includes support for HUMINT and 
peacekeeping missions along with battle damage assess- 
ment The same system could later help brace congressional 
committees and hearings. The new capability would allow 
application of foreign threat analyses to policy, while pro- 
viding a hybrid situational awareness picture of the threat, 
Weldon relates. Industrial efforts of interest to the policy 
maker could be incorporated, and academia also could be 
directly linked. 

In meetings with high-level FBI, CIA and defense offi- 
cials, Weldon stressed the need to "acquire, fuse and ana- 
lyze disparate data from many agencies in order to support 
the policy maker’s actions against threats from terrorism, 
(ballistic missile] proliferation, illegal technology diver- 
sions, espionage, narcotics (trafficking], information war- 
fare and cyberterrorism.’’ He is convinced that current col- 
lection and analysis capabilities in various intelligence 
agencies are stovepiped. "Tb some extent, this involves turf 
protection, but it clearly hinders policy making." 

Weldon, who was a Russian studies major, offers some of 
his own recent experiences as examples of why there is a 
strong need for NOAH. He maintains close contact with a 
number of Russians and understands ;their programs and 
technologies- The congressman i$:>quick to recall vignettes 
about Russian officials and trips to facilities in theregiom ; 

During the recent U.S. combat action Involvement- if» 
Kosovo, Weldon was contacted by 'sefilor Russian officials. 

4R <U«MA1 ADDII «ww» r " 


Clamoring for Russia to be involved in the peace prt 
they claimed that otherwise upcoming elections could 
the communists. The Russians proposed a Belgrade me 
with Weldon, congressional colleagues, key Serbian off 
and possibly Yugoslave President Slobodan Milosevic. 

After the first meeting with key officials from the de 
ments of State and Defense and the CIA, Weldon and < 
members of Congress went to Vienna, Austria. The £ 
Department objected to a meeting in Belgrade, sugges 
instead a neutral site. Before the departure, the Russ 
informed Weldon that Dragomir Karic, a member of a p 
erful and wealthy Kosovo family, would attend the meet 
Karic’s brother was a member of the Milosevic regime. 

At the end of the Vienna meeting, the Russians and Kti 
told Weldon that if he would accompany them to Belgra* 
Milosevic was prepared to meet with them and publii 
embrace a peace agreement concept reached during t 
Vienna meeting. The agreement would have direct 
involved Russia in the peace process. A diplomatic offic 
with the U.S. delegation telephoned Washington, D.C., a 
the State Department objected to the Belgrade trip. T 
congressman and his colleagues returned home. 

As soon as he arrived in Washington, D.C., the FI 
telephoned to request a meeting with Weldon to gathi 
details on Karic. It was clear, Weldon reports, they ha 
very little information on him or his family. The follow 
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Despite economic upheaval, Russia continues to spend billions of dollars 
on a secret underground site in the Urals. Rep. Weldon shows a 
photograph of the Yamantau Mountain complex near the cities of 
Beloretsk 15 and 16. A large-gauge rail line runs Into the mountain, which 
could be for strategic-dlrected energy weapons development and 
storage. 


... b vaj, tuc v-irt telephoned the congress- 
man and asked for a meeting “about Karic.” 

Instead, the congressman proposed a joint 
meeting with CIA and FBI agents in his 
office. Two officials from each agency 
attended with a list of questions. 

Weldon learned from the agents that they 
were seeking information on Katie to brief the 
State Department. When he explained that the 
information came from the Army and LIWA, 
the CIA and FBI agents had no knowledge of 
that organization, he confirms. Before his 
departure for Vienna, the congressman 
received a six-page LIWA profile of Karic and 
his family’s links to Milosevic. 

“This is an example of why an organization 
like NOAH is so critically necessary,” Weldon 
contends. “LIWA's Information Dominance 
Center provides the best capability we have 
today in the federal government to assess mas- 
sive amounts of data and develop profiles. 

LIWA uses its contacts with other agencies to 
obtain database information from those sys- 
tems,” he explains. “Some is unclassified and 
some classified." 

Weldon cites an “extraordinary capability 
by a former CIA and Defense Intelligence Agency official, 
who is a LIWA profiler, as one of the keys in LIWA’s suc- 
cess. She does the profiling and knows where to look and 
which systems to pull information from in a data mining 
and extrapolation process,” he proclaims. “She makes the 
system work.” 

Weldon intends to use LIWA’s profiling capability as a 
model f"r building NOAH. “My goal is to go beyond ser- 
vice intelligence agencies and integrate all intelligence col- 
lection. This must be beyond military intelligence, which is 
too narrow in scope, to provide a govemmentwide capabili- 
ty. Each agency with a pod linked to NOAH would provide 
two staff members assigned at the hub, which would oper- 
ate continuously. Data brought together in “this cluster 
would be used for fusion and profiling, which any agency 
could then request,” he maintains. 

NOAH would not belong to the Army, which would con- 
tinue with its own intelligence capabilities as would the 
other services. There would only be one fusion center, 
which would handle input from all federal agencies and 
from open sources, Weldon explains. "NOAH would handle 
threats like information operations and examine stability in 
various regions of the world. We need this ability to respond 
immediately.” The congressman adds that he recently was 
briefed by LIWA on very sensitive, very limited and scary 
profile information, which he describes as “potentially 
explosive In turn, Weldon arranged briefings for the chair- 
man of the House National Security Committee, the 
Speaker of the House and other key congressional leaders. 

“But this kind of profiling capability is very limited now. 
The goal is to have it on a regular basis. The profiling could 
be used for sensitive technology transfer issues and infor- 
mation about security breaches,”- the. congressman allows. 
LIWA has what, he terms the fusion and' prdfi{ingVstate-of- 
the-art'capability in the military, “even b6y$hd the. military.” 
Weldon is pressing the case for NQAH;^riipng theTeaders 


in both houses of Congress. “It is essential that we create a 
governmentwide capability under very strict controls.” 

Weldon adds that establishing NOAH is not a funding 
issue; it is a jurisdictional issue. “Some agencies don’t want 
to tear down their stovepipes. Yet, information on a drug 
lord, as an example, could be vitally important to help com- 
bat terrorism.” He makes a point that too often, federal 
agencies overlap each other in their efforts to collect intelli- 
gence against these threats, or they fail to pool their 
resources and share vital information. ‘This redundancy of 
effort and confusion of jurisdiction only inhibits our 
nation’s capabilities,” he offers. 

NOAH would provide high-bandwidth, virtual connectiv- 
ity to experts at agency pod sites. Protocols for interagency 
data sharing would be established and refined in links to all 
pod sites. The ability to retrieve, collate, analyze and dis- 
play data would be exercised to provide possible courses of 
action. A backup site would be established for redundancy, 
and training would begin on collaborative tools as soon as it 
is activated. 

The hub system would become part of the national policy 
creation and execution system. The tools available at LIWA 
would be shared so that every agency would have the same 
tools. Weldon explains that all agencies would post data on 
the National Reconnaissance Office (NRO) highway in a 
replicated format sensitive to classification. NOAH’s global 
network would use the NRO system as a backbone. 

NOAH optimizes groups of expertise within each organiza- 
tion — experts who are always on hand regardless of the issue. 
This approach ties strategic analysis and tactical assessment 
to a course of action. “Before the US. can take action against 
emerging threats, we must first understand their relationship 
to one another, their patterns, the people and countries 
involved and the level of danger posed to our nation," Weldon 
says. ‘That is where NOAH begins.” — CAR 
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Thank you. 

Mr. Camp. Thank you. 

Miss Lofgren may inquire. 

PREPARED STATEMENT OF THE HONORABLE ZOE LOFGREN, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF CALIFORNIA 

• Thank you Chairman Thornberry. It is always a pleasure to work with you. It is 
also a pleasure to be holding this joint hearing with the Subcommittee on Infra- 
structure and Boarder Security. This subcommittee is led by my good friend and 
California colleague, Congresswoman Loretta Sanchez, and Chairman Dave Camp 
of Michigan. 

• The blackout on August 14, 2003 left nearly 50 million people in 8 states and 
Canada without power. When the lights went out that afternoon, there was wide- 
spread concern that this incident might have been another major terrorist attack 
on the United States. The video of pedestrians streaming out of Manhattan was ee- 
rily reminiscent of the events September 11, 2001. 

• Thankfully, we quickly determined that terrorism played no role in this event. 
The regional power grid simply was overwhelmed and broke down. 

• While we can express some relief that the blackout was not a terrorist attack, this 
event does highlight our continuing need for better protection of our critical infra- 
structure. 

• Too many of our nation’ infrastructure assets remain extremely vulnerable to ter- 
rorist attack. Power plants, airports, bridges, water treatment facilities, and public 
and private sector computer networks are just not sufficiently prepared for an inci- 
dent of terrorism. There are simply hundreds of thousands of assets in our country 
that must better secured. 

• I remain greatly concerned the Bush Administration is not up to the task of pre- 
paring for future terrorist attacks. 

• Almost 2 years have passed since the events of September 11th. Yet we do not 
have any comprehensive list of national critical infrastructure assets that assesses 
risks and vulnerabilities. To my knowledge, the Department of Homeland Security 
is not giving advice to or sharing information with states and cities on how best to 
secure important facilities. 

• I am particularly concerned about the threat of some sort of cyber attack. A recent 
study by the Pew Internet and American Life Project found that nearly half of all 
Americans surveyed say they are worried that terrorists could launch attacks 
through the networks connecting home computers and powerful utilities. 

• In the past month, several computer worms have struck computer networks and 
systems around the world. There are reports that these worms are swamping net- 
work systems with traffic, causing denial of service to critical servers within organi- 
zations, and adversely affecting government and emergency response operations. 

• As long as worms such as Blaster, Welchia, and SoBig.F can adversely affect our 
computer networks, then our weakest links are insecure and the entirety of our in- 
frastructures and communications systems is at risk. 

• I return to Silicon Valley every weekend. I am constantly approached by people 
in the tech industry — from CEO’s to programmers — who wonder what the Depart- 
ment of Homeland Security is doing to prevent cyber attacks. I am frustrated be- 
cause I can’t give them an answer. 

• The DHS announced almost 3 months ago the creation of a National Cyber Secu- 
rity Division within the Information Analysis and Infrastructure Protection Direc- 
torate (June 6). On August 3, Secretary Ridge said that a director for the cyber divi- 
sion would be chosen soon. I have heard countless rumors for over a month about 
personnel announcements, and yet as of today, no one has been chosen to lead this 
division. 

• Three months is just too long to wait. Either the Department is in complete dis- 
array, or it does not consider cybersecurity to be a priority. Perhaps it is both, and 
that is very troubling. 

• I want to thank our witnesses for appearing before us today. I look forward to 
hearing your testimony. I hope you will focus in particular on your personal dealings 
with DHS. I also hope you can persuade me that there is some good work being 
done within the Department to protect our nation’s critical infrastructures. 

Ms. Lofgren. I will submit my questions for the record. 

Mr. Camp. Mr. Pascrell. 

Mr. Pascrell. Thank you. Thank you, Mr. Chairman. I have a 
few questions. 
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First, to Mr. Mefford, who has been before our committee — sub- 
committee a few times and appreciate his candidness and his forth- 
rightness. You are a credit to the FBI and to this country for the 
service that you have presented. I mean that. If you know me, if 
I didn’t feel that way, I would say nothing or to the contrary. 

Mr. Mefford. Thank you. 

Mr. Pascrell. But I want to congratulate you for what you have 
done. 

I want to ask you a question. Has the creation of the DHS and 
all of the apparatus of Homeland Security clarified, in your esti- 
mation, or confused Federal leadership on security? What is your 
estimate of that? And then I am going to ask Mr. Black that ques- 
tion, also. 

Mr. Mefford. In the area of critical infrastructure protection, in 
my view it has clarified the role. Historically, prior to the formation 
of that Department, the FBI was involved, as you know, inves- 
tigating terrorism threats and in working with our counterparts in 
private industry to the degree that we were able to identify 
vulnerabilities and assess threats to the vulnerabilities. Today, 
that is the role of the Department of Homeland Security; and, 
frankly, it frees us up to focus on the operational end of 
counterterrorism, being the investigative phase so that we can run 
down every threat and that we can use our personnel, frankly, in 
a way that they are trained and focus them in a greater degree. 

So, in my view, in the area of critical infrastructure protection, 
it has helped. It is a new department, but I think that they have 
made tremendous progress, and I look forward to working closely 
with them to achieve their goals. But, having said that, I under- 
stand that it is very challenging to form a large organization quick- 
ly- 

Mr. Pascrell. Would you say that you have anticipated any con- 
fusion in the formation of this apparatus, Homeland Security appa- 
ratus, in terms of Federal leadership? What do you anticipate that 
could be confusing or perceived as confusing so that the message 
is not clear as to who is working on this and who is trying to re- 
solve the problems? 

Mr. Mefford. Well, in the FBI I think, if we are talking about 
critical infrastructure protection, it is very clear to us and we have 
no doubt about the role of the FBI and the role of Homeland Secu- 
rity and we see our role as being complementary and to assist them 
as we can. Clearly, if we focus on identifying terrorism threats and 
we focus on prevention and disruption of terrorist activities in the 
country, our role is to pass that information rapidly to DHS to 
allow them to improve their evaluation process and their analysis 
of vulnerabilities. But it really is a complementary arrangement; 
and in that area, in the area of critical infrastructure protection, 
I think we are making progress. 

Mr. Pascrell. This was the largest that I know of — I will stand 
corrected — the largest, the most widespread blackout we have had 
in many moons, right? Mr. Chairman, were you prepared? Was the 
FBI’s apparatus prepared to deal with it just in case there was sab- 
otage involved and did it work? I mean, you went into action imme- 
diately. What did you do? 
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Mr. Mefford. We immediately convened a conference call with 
all of the special agents in charge of the eight field offices that 
were affected by the power outage and based on backup energy 
sources were able to communicate and use the telephone and other 
devices. And we laid out what we knew, what we didn’t know. We 
strategized and prioritized, and then we brought in the Joint Ter- 
rorism Task Forces which I referred to in my opening comments. 
They are really the bedrock of all of our counterterrorism efforts, 
and that brings in the State and local law enforcement piece and 
the Federal law enforcement and intelligence piece. So working 
hand in glove, we immediately went out to the private industry 
folks involved, coordinated and started our efforts basically to in- 
vestigate, looking backwards to see if we could assist in identifying 
the cause of the outbreak. 

Mr. Pascrell. Mr. Black, if I may, Mr. Chairman, we know that 
this is a vulnerable area. In fact, we have been warned that this 
could happen again, this blackout; and we have responded to — 
what measures have you taken, specifically in concrete, since this 
time, since the time of the blackout which caused devastating 
losses throughout the Northeast and central United States? What 
have you done in the Department of State to avoid this in the fu- 
ture or being better able to respond to it if it happens again? 

Mr. Black. First of all, the contributions that we can make is 
from an international standpoint. We — . 

Mr. Pascrell. I didn’t hear you. I am sorry. 

Mr. Black. Is from an international standpoint. We support 
other agencies in their work. 

I think you asked for a clarification on Department of Flomeland 
Security. I think its mission from a State Department standpoint 
is absolutely critical. Because it is that entity that rationalizes the 
threat information, things that can happen to us. Match that up 
with the potential vulnerabilities and do that key work from an 
international standpoint, from an information processing stand- 
point. That is the most important to us. 

We do not see an element of confusion here. We see an element 
of adjustment. When you have such a new department that is play- 
ing such a key role, the other agencies that are supporting this 
homeland defense adjust. 

As an example, my job is contacts with foreign countries in terms 
of policy formulation and coordination from counterterrorism. The 
Department of Homeland Security has an international unit. We 
have personnel assigned to that, and our job is to facilitate their 
interaction in the protection of the homeland. 

So our contribution in this is the facilitation of contacts with for- 
eign countries that are affected, whether it is close allies like the 
Canadians or British or others, depending upon the threat that ma- 
terializes here in the United States. 

Mr. Pascrell. Thank you, Mr. Chairman. 

Mr. Camp. Thank you. 

Ms. Dunn may inquire. 

Ms. Dunn. Thank you. Thank you very much, Mr. Chairman. 

Ambassador Black, I wanted to ask a you question based on 
what you were just saying. I gave a speech last month on 
cyberterrorism in London. We were meeting with members of Par- 
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liament, and I was amazed at how much attention they are paying 
to the very same things that we are dealing with. I had used as 
an example of potentials for cyberterrorism the power grid in the 
United States, and 2 Yays later we saw that happen. 

I guess, first of all, I would like to know, briefly, how did you 
know it wasn’t terrorism at the beginning? And, secondly, I would 
like you to expand on what we have learned from people in other 
nations. Are there things that they have accomplished that we can 
learn from and are we doing our work in cooperation with them as 
the experience I had in London last month told me we were? 

Mr. Black. Yes, ma’am. I do understand that you are very inter- 
ested in this, as are a number of our allies. The reason that I knew 
it wasn’t terrorism was because my colleagues in the FBI and the 
U.S. Intelligence Community advised us of that fact. We were the 
recipients of their good works. So that was a very comforting thing, 
and I think they were able to determine that pretty early on in this 
process. 

I think there has been great interest in cyberterrorism. It has 
been going on for years. And this is something that the State De- 
partment — our role is to facilitate contacts to make sure that the 
links are there and that our colleagues in the FBI and the Amer- 
ican Intelligence Community are matched up with their foreign 
counterparts. In this area of expertise we are primarily facilitators, 
and we also provide training to countries that have the will to work 
against this problem but not the capacity. So we facilitate the mak- 
ing of contacts as well as provide training programs to appropriate 
foreign recipients overseas. 

Ms. Dunn. Mr. Mefford, how did you know it wasn’t terrorism? 

Mr. Mefford. Our Joint Terrorism Task Forces are looking at 
this issue from various perspectives. One is the external threat, to 
see if there is physical damage, to see if we have actual signs of 
sabotage. We have not found any. And we determined that fairly 
quickly, although I indicated in my opening comments our inquiry 
is ongoing, and so I am not giving you a definitive answer at this 
point. But preliminarily we have not found any evidence of that. 

We also looked at the Intelligence Community for input regard- 
ing their knowledge of plots and efforts on behalf of our adversaries 
around the world that may want to do something like this, and we 
haven’t found that. 

In addition, we are very concerned about the insider threats, 
somebody that would have access to critical systems, both from a 
physical standpoint, the sabotage standpoint and a computer intru- 
sion. And that applies also for somebody clearly on the computer 
intrusion side, on degrading capabilities and attacks through the 
computer networks. That applies on the external threat, also. We 
have not yet seen evidence of that. 

But this very preliminary assessment that I am giving you, be- 
cause we are working with the Department of Energy, Department 
of Homeland Security and NERC to review the computer logs for 
evidence of that type of malicious activity. We have not seen that 
to date but it is still ongoing. 

Ms. Dunn. Now the threat of insider action of terrorism is be- 
coming a very broad theme as we investigate what could be harm- 
ful to us in the United States. Let me ask you another question. 
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You acknowledged in your testimony that terrorists could choose a 
variety of means to attack the Nation’s power grids. In your opin- 
ion, what should we as a committee be focusing on? Where should 
we be directing the Department of Homeland Security’s oversight, 
and what should the Department of Homeland Security to be focus- 
ing on? What are the means that are most concerning to you? 

Mr. Mefford. I think in our view you look historically at what — 
when we see our number one threat today remains al Qaeda. There 
are other terrorist groups and members that concern us, also. But 
the number one threat remains al Qaeda today. And if you look at 
their historical activities you have to look at things such as what 
occurred on September 11; the attacks in Riyadh, Saudi Arabia, on 
May 12; the attacks in Casablanca, Morocco, I think on May 16 of 
this year; and other various attacks overseas where we are seeing 
basically truck bombs and assaults of individuals. 

We have not seen any indication that al Qaeda possesses a so- 
phisticated computer intrusion capability. While potentially they 
may have expressed an interest, we have seen no evidence that 
they possess this capability today. Clearly, it is of concern to us, 
because at some point in the future we are going to have to address 
those types of issues. But at this stage it is our view that we have 
seen very, very basic computer functionality on the part of identi- 
fied terrorists in the world. We have not seen sophisticated capa- 
bilities if you talk about the attacks to networks. 

But we have seen sophisticated capabilities on the physical side, 
sabotage and the traditional terrorist attacks using explosives and 
what we saw on 9/11. So I think we would recommend priority to 
physical, to protect against physical sabotage at this point, includ- 
ing the insider threats with individuals that have access to your 
most sensitive components — potentially are vetted to ensure that 
we don’t have the wrong person in the wrong place. 

Ms. Dunn. Is — just a follow-up on that. Is there an area with we 
ought to be sending more resources? 

Mr. Mefford. I am not educated to the degree that I think I can 
answer that appropriately today. 

Ms. Dunn. Thank you, Mr. Chairman. 

Mr. Camp. Thank you. 

Ms. Christensen may inquire. 

Mrs. Christensen. I thank you, Mr. Chairman. 

Let me see. Let me follow up with a question to Mr. Mefford fol- 
lowing up on the Ranking Member’s question. I think he asked a 
general question on critical infrastructures which pose the greatest 
security concerns and whether or not there had been assessment 
of vulnerabilities. In your testimony, you say that you are clearly 
aware that the terrorists are clearly aware of the importance of 
electrical power; that al Qaeda and other terrorist groups have con- 
sidered energy facilities, et cetera, et cetera. Have you received an 
assessment of vulnerabilities specifically related to the electrical 
power grid? 

Mr. Mefford. No, we have not. 

Mrs. Christensen. You need that to be able — in your collabora- 
tion with the Department of Homeland Security, that is their role 
in that partnership; is it not? 
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Mr. Mefford. Yes. And I understand that it is in progress at 
this point, and that they are working towards that end, and we are 
cooperating in assisting to whatever degree we are capable. 

Mrs. Christensen. Another question occurs to me, because, for 
example, in the instance of the blackouts, there is a need to imme- 
diately restore and repair the break. Does the need for immediate 
repair in any way compromise our ability to determine the cause 
or to investigate where the breakdown may have occurred or 
whether or not it may have been caused by international or domes- 
tic terrorism? 

Mr. Mefford. In reality it does not impede our ability because 
we have ample experience now, unfortunately, in responding to ter- 
rorist bombings where clearly the priority is protecting and saving 
human life. At the same time, while that process is ongoing, we 
have devised the capability inside the FBI to conduct forensic ef- 
forts and crime scene — traditional scientific efforts at the crime 
scene in a way not to impede the priority of saving human lives. 
And I think that same principle would apply in the case that you 
outlined. 

Mrs. Christensen. The CT Watch that you outline seems to be 
a very coordinated way of disseminating information. Is the re- 
sponse as coordinated, and has that ever been exercised? 

Mr. Mefford. I guess I am not sure exactly what you are refer- 
ring to. The response to a blackout? 

Mrs. Christensen. Under the CT Watch the information, the no- 
tification of potential threats are immediately disseminated to all 
the relevant agencies, which evokes the need to respond. 

Mr. Mefford. We think — 

Mrs. Christensen. Has that been exercised? Are the responses 
as coordinated as the dissemination of information seems to be? 

Mr. Mefford. I think there is room for improvement, but we are 
definitely making progress, and we are getting better each and 
every day. And based on the volume of threats — and, as you know, 
the vast majority of all these threats overwhelmingly are un- 
founded. The unfortunate part is we have to expend the resources 
because we can’t take a chance. We have to follow up on each and 
every threat. We have had over 4,000 in the Intelligence Commu- 
nity since September 11. So it is keeping us very busy. But we 
have had ample opportunity to exercise the coordination, and I 
think we are getting much, much better at it. 

Mrs. Christensen. I have one last question. The InfraGard pro- 
gram, you say, serves as an important link of over 8,000 companies 
located in all 50 States. Did you mean States and territories, or ter- 
ritories not included in that; and where are you in making sure we 
are included? 

Mr. Mefford. Let me check on that real quick. 

Yes, ma’am. They include territories also. 

Mr. Camp. Thank you. 

Mr. Etheridge may inquire. 

Mr. Etheridge. Mr. Mefford, let me ask you a question on the 
testimony you forwarded as it relates to the role of TTIC, Ter- 
rorism Threat Integration Center, as you mentioned earlier about 
the critical infrastructure, and here I am expanding beyond the 
blackout because they have that, and you talk about potential im- 
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pact, and you are looking at banking and a whole host of things. 
What role does that play in the analysis of threat information 
against our critical infrastructure? 

Mr. Mefford. The FBI furnishes TTIC with all of our threat in- 
formation, all types, whether it impacts the power grid or banking 
systems or water systems and whatnot, because they are the single 
entity that not only has possession of all this information, I think 
it enhances our capability, as I say, to connect the dots and make 
sense of the information that we possess. 

Mr. Etheridge. That being said then, as we look at the blackout 
that we just went through, and whether it was that or many others 
for that matter, whether they be terrorist-instigated or whether 
they be mechanical or something else has the same devastating 
economic impact as if we look at a situation where there is a hurri- 
cane or tornado or terrorists initiated it. At the end of the day it 
has the same impact. My question deals with the blackout. How 
will you characterize the FBI’s communication with local and State 
authorities due to this last blackout; what did you learn from that 
situation that hopefully in the future, not only for the FBI, but 
other agencies, that will allow us better to deal with something of 
this nature in the future? 

Mr. Mefford. I mean, the Bureau’s role is basically twofold in 
this case: Number one, on the preventive side, to collect intel- 
ligence information and to do so within the confines of our Con- 
stitution and rules and policies and laws, and to do that in conjunc- 
tion with State and local agencies that are members of our joint 
terrorism task forces. Right there at the very basic level it en- 
hances our coordination from the beginning. Secondly, if there is an 
incident, and to respond efficiently and to integrate into a broader 
U.S. Government response, the FBI has a very specialized role to 
play. We are not in the driver’s seat. We are not directing the re- 
sponse to a significant incident like the blackout. We have a very 
specialized role, and to focus our individuals in the FBI and our 
terrorism task forces in that very specialized role is that we see the 
value we can add. 

Clearly there is always room for improvement. We think we mus- 
tered our investigative capabilities quickly. We responded with our 
partners in State and local law enforcement. We always look to 
ways to improve communication, but overall I think we did a very 
successful job of that. It is still ongoing, and it is premature for me 
to give you any definitive report on exactly what we found from a 
criminal or terrorist standpoint. Preliminarily, as I indicated, at 
this stage we don’t have any indication of that type of activity. 

Mr. Etheridge. Finally, let me ask a question of both of you be- 
cause you indicated in previous testimony you saw no evidence of 
al Qaeda or others being involved in something this sophisticated 
as attacking the power grid, banking or water or sewer, et cetera, 
or as it relates to our computers. However, we just heard of an 18 
17 year-old youngster, pretty bright, probably smart enough that 
he should use his talents otherwise, but I would venture to say 
that it is not restricted to the United States. There are very bright 
youngsters around the world. If they can do it, then the potential 
for the future has to be there. 
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So my question is this: As it relates to that, I hope you will com- 
ment on the whole issue of that tied to this final question. You 
might want to touch this one, but I think this is a critical piece, 
and this is a critical piece of our software development that has a 
lot of bugs and trap doors and other things linked into it of where 
it is developed, whether it is inside this country or outside this 
country — the security that was mentioned earlier with our current 
situation so dependent on software and computers to move and dis- 
seminate information. 

Mr. Mefford. In reference to your first point, the Director of the 
FBI created the FBI Cyber Division specifically to address the vul- 
nerability that you outlined, and that is while we may not see indi- 
cations of a sophisticated capability on the part of our terrorist ad- 
versaries today, it would be foolish and unprofessional of us to ne- 
glect that area of concern, and therefore we are rapidly moving to 
increase and improve our internal capabilities in the FBI. We are 
working very closely with Homeland Security and other agencies 
for a coordinated approach because we see that not only long term, 
but see that — if the training continues on these tracks, it is prob- 
ably an inevitable vulnerability. 

In response to your second issue, that is a very, very complicated 
issue, and I will have to refer it to the technical experts, and I 
don’t have the education to respond appropriately. 

Mr. Black. The issue is for us to facilitate a positive process. We 
seek to make sure that the right contacts are in place, that the 
communication is robust and is sustainable over time. I want to 
make sure that our military is hooked up with militaries overseas, 
and the law enforcement of the United States, the FBI, is in con- 
tact with the right people overseas, and this exchange is working 
out. 

Cyberterrorism is a threat. We see more of it every day. I think 
the experts involved with this certainly are looking at it from the 
State Department perspective. Our job is to make sure they have 
the right contacts and the velocity of communication interaction 
meets the needs of our country. 

Mr. Camp. Mr. DeFazio may inquire. 

Mr. DeFazio. Thank you, Mr. Chairman. I guess probably I will 
direct this to Mr. Mefford, or perhaps it will have to come from a 
later panel. I guess specifically on the issue of electricity and the 
transmission and the grid, we have had some cyberattacks on nu- 
clear plant security that have been documented, but what progress 
have we made since it has been identified, as far as I know, for 
some time as a potential target of opportunity? I remember it being 
a target of opportunity. Back in my region of the country, it was 
thought at the time of the millennium both because of inadvertent 
failures, but also because of potential attacks. What progress have 
we made since 2000 or since 9/11 on hardening, safeguarding the 
backbone of the grid and our system of electric generation or trans- 
mission? 

Mr. Mefford. I am going to defer that to experts. I am not privy 
to the specifics of that. 

Mr. DeFazio. I guess even though the hearing is theoretically on 
that, is there someone in the FBI who specifically — 
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Mr. Mefford. That is the type of question I think is beyond the 
purview of the FBI and is beyond our role in this. 

Mr. DeFazio. Since you monitor threats, you must have some 
contact with the industry and some idea of steps or suggestions 
that might be — 

Mr. Mefford. And my general impression is that it is improving, 
but there is significant work to be done. And one of the improve- 
ments relates to education regarding a problem, and there is an ac- 
knowledgment and understanding of the problem or potential prob- 
lem far greater than what we have had historically. But as to ac- 
tual physical improvements and software and improvements to the 
networks, I would have to defer to the experts. 

Mr. DeFazio. Thank you, Mr. Chairman. 

Mr. Camp. Thank you. 

Mr. Dicks may inquire. 

Mr. Dicks. Thank you. 

Mr. Mefford, let me ask you something. The vice chairman of our 
panel Ms. Dunn asked you about whether there was any indication 
of a terrorist involvement in the attacks on the power system. 
What kind of things would you look for if there was a criminal or 
a terrorist attack? What kind of things would you be trying to find 
out? 

Mr. Mefford. Obviously there was not an obvious sabotage here. 
We would have known it. 

Mr. Dicks. Like a bomb? 

Mr. Mefford. Number one, we look for those types of issues. Be- 
cause the network is so widespread and components are in very re- 
mote areas, you can’t ascertain that immediately, and it would take 
a number of hours or days to find the source of that. But we clearly 
didn’t find any evidence of that. 

We then looked at the cyber piece, at the computer intrusion 
piece, to see if anybody has maliciously entered the networks that 
has some kind of access or control to the physical system. That is 
ongoing. To date we are working in a joint group with the agencies 
I have outlined, and my understanding that we have not found in- 
dications of that, but it is still ongoing. And then thirdly, it is a 
significant issue, and that is the insider threat. Did anybody do 
something that potentially has access to sensitive equipment and 
components that is not readily apparent on first review? That 
means potentially vetting employees and whatnot. We have not 
seen indications of that, but it is something we are concerned 
about. 

So it is a layered approach, and we start with the most obvious. 
If you look at al Qaeda, for instance, they have been involved in 
physical acts of terrorism. We have not seen anything other than 
that so far. Doesn’t mean they won’t shift gears, and we have to 
be attuned to that, but we would start from that premise and then 
work up. 

Mr. Dicks. Basically we have not seen al Qaeda launch 
cyberattacks against infrastructure in the United States or any- 
where else. 

Mr. Mefford. They have not. 

Mr. Dicks. They are using cruder techniques, the car bombs and 
things that you mentioned. 
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Mr. Mefford. Yes, sir. 

Mr. Dicks. We hear about the cyberattacks. Is it pretty much 
random, or are there any terrorist groups that have used 
cyberattacks or trying to test it against U.S. systems? I know the 
Defense Department, the State Department have been somewhat 
vulnerable. 

Mr. Mefford. There is a lot of misinformation out there today 
indicating that terrorists have launched attacks in attempting com- 
puter intrusions and whatnot. We have found no evidence of that. 
Now granted, there are very significant and often — we have seen 
in the last 30 days several significant attacks that have been a 
costly annoyance to U.S. governments and businesses, and we have 
seen various worms and viruses. And we have seen that impact on 
the private industry with the power grids and whatnot. We have 
not seen to date a very precise launched attack from a terrorist 
group. We are attuned to that, and we are careful to look for signs 
for that activity, and we have not seen that to date. 

Mr. Dicks. Ambassador Black, let me ask you, are we working 
with either — can you tell us what we are doing — I may have missed 
this in your statement, and forgive me. We had a lot of votes today. 
What are we doing with Canada and Mexico on these issues of 
international perspective in terms of the power grid? We know for 
a fact we are not investing enough money in the United States 
itself to keep our grid up to speed, but are we working and trying 
to cooperate with Canada and Mexico on these grid issues? 

Mr. Black. We have a very close relationship with both Canada 
and Mexico. As an example, we have a conference with my Cana- 
dian counterpart and his delegation in an interagency context. We 
exchange — we go there, and they come here. This is going to be 
here in DC. 

Mr. Dicks. Are there experts involved in this, or is it all policy? 

Mr. Black. There are all experts involved, but again, this is sort 
of a recurring theme with the State Department. Our job is to fa- 
cilitate the process; to make sure that everyone is communicating 
correctly, and that the quality of the exchange is good. We do not 
get involved in the mechanics of infrastructure defense. It is a proc- 
ess by which we make sure the lines of communication between the 
right agencies and the right experts between our two countries is 
there, ongoing, healthy, and it is good. Where there is a problem, 
we can step in and make sure that the appropriate adjustments are 
made. 

We do a lot of work across the board, in the security field, in the 
law enforcement field, and in the immigration and naturalization. 
So we look to make sure that this relationship with these two coun- 
tries is healthy and is across the board. And I think the quality of 
the exchange is very good. We participate in not only looking at the 
areas of common concern along the border, we look at ways we can 
assist each other in the common mission of counterterrorism else- 
where in the world, South America, with Canada, and other places 
in the world where they have a particular perspective or insight 
that is useful in the common defense of our respective homelands. 

Mr. Dicks. Mr. Mefford, you made a comment about how DHS 
was doing in terms of developing analysis of the vulnerability of 
our critical infrastructure. Do you have any idea — maybe others 
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can speak to this, but how long it is going to take us to get a good 
handle on the major infrastructure of the country? I suspect that 
is going to take a few years to get done. 

Mr. Camp. If the witness could answer quickly. The gentleman’s 
time has expired. 

Mr. Mefford. The time line, I do not know. 

Mr. Dicks. It is not done as of now. 

Mr. Mefford. That is correct. 

Mr. Camp. Mr. Andrews may inquire. 

Mr. Andrews. Thank you, Mr. Chairman. Thank the witnesses 
for their testimony. 

I wanted to follow up on Mr. Dick’s line of questioning, sort of 
ask the first half of the question. Mr. Mefford, if a utility company 
that was involved in the power grid experienced what they believe 
was an intrusion into their networks or their database, under what 
legal circumstances are they required to contact the FBI, and 
under what circumstances are they permitted — or is it discre- 
tionary for them to contact the FBI? 

Mr. Mefford. That is a good question, and I would have to do 
some research to give you a specific answer from the legal context, 
because I do not think that I am aware of the mandatory require- 
ment they contact us. 

Mr. Andrews. I am sure the Chairman is keeping the record of 
the hearing open, and I would be interested in hearing the answer 
to the question. 

Mr. Mefford. I am not sure if there is a specific requirement for 
somebody in that business, because I know in other lines of busi- 
ness there is not a mandated requirement. 

Mr. Andrews. Let us hypothesize chillingly that the next time 
something like this happens in the United States, a blackout like 
this, in fact, was intentional, that someone tried to get in and 
cause a blackout. To whom — let us say a utility company sees an 
intrusion into its database and believes it was an intentional at- 
tack and wants to let someone know. Who do they tell? 

Mr. Mefford. They can contact the nearest FBI office and relay 
that information. And the FBI Cyber Division would be assigned to 
look into that. 

Mr. Andrews. Does the FBI tell utility companies that? 

Mr. Mefford. Yes, I think so. 

As far as your earlier question about the potential mandated re- 
quirement, let me just ask an expert. 

I am informed that there is no mandated requirement. 

Mr. Andrews. I would be interested in the Agency’s thoughts 
about what such requirement might look like, whether it is desir- 
able or undesirable. 

Mr. Mefford. Also, I might add clearly the company that experi- 
ences this type of intrusion can contact the Department of Home- 
land Security, for instance, because we work with them in these 
cases, and if they notify the government, it would get to the right 
hands. 

Mr. Andrews. This, frankly, is one of my concerns, and I don’t 
fault the FBI for this, or anyone. There is a lot of different people 
they could contact, and it seems to me that information can move 
awfully slowly in a situation where we are not sure what it means, 
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as I think you testified. When you have 4,000 reports you got to 
run down, you don’t jump every time you hear one report. 

I think one of the things we ought to look at is some type of cen- 
tralized protocol for the utility industry and for other critical infra- 
structure industries to report such an intrusion in one place in real 
time for the information to be shared with the relevant players in 
real time so there could be an assessment done to perhaps prevent 
such a problem. 

Secretary Black, let me ask you a question. Let us assume that 
such an intrusion originated from another country that was some- 
how linked to us through networks and through other computer 
systems for critical infrastructure. Is there any international treaty 
or international law that requires countries to notify us — the sce- 
nario would be there is an intrusion which is initiated in a Euro- 
pean country, let us say, that manifests itself in the United States 
with a breakdown of the power grid. Is there any international 
legal obligation for the neighboring state to tell us that? 

Mr. Black. I would have to check, Congressman, and get back 
to you in writing, definitively, the legal aspects and requirements 
to do so. I will get back to you with that answer, sir. 

Mr. Black. Practically, an assault on the infrastructure, the 
cyber infrastructure, among most countries would be communicated 
in one fashion or the other as it had an impact for the United 
States. Either internationally or here domestically in the United 
States, the process would be started and led by the Department of 
Homeland Security. 

Mr. Andrews. I hear you say that is a matter of custom and not 
a matter of treaty or obligation. 

Mr. Black. I would have to check on the legal obligation. But in 
addition to that, in the interim, practically, information like this is 
exchanged in a security context. 

Mr. Andrews. As a secure communication among the foreign 
ministries or State Department? 

I thank both of you for your testimony, and I would be interested 
on your thoughts on the question I raised. 

Mr. Camp. Ms. Slaughter may inquire. 

Ms. Slaughter. Thank you, Mr. Chairman. 

Gentlemen, it is nice to have you here today. It was really one 
of the most beautiful days. I was about a mile away from the Niag- 
ara power facility when the lights went out. First thing I heard 
was Niagara Falls, it is their fault; a lightning strike. It was prob- 
ably the best day we had all summer, and you can count those on 
two hands. And the big trouble was — you know, is what has hap- 
pened. I think our first thought was we were perfectly content in 
our minds that that would never happen again; that after the last 
blackout, that all kinds of fail-safe measures were put in place. I 
don’t really believe up in my part of the area — we were so worried 
about the terrorists that might have done something, we weren’t 
sure what we were doing to ourselves. So we do what we often do: 
We blame the Canadians. And then the mayor of Toronto comes. 
And he has had a perfectly awful year — SARS — and he throws up 
his hands and says, have you ever known the Americans to take 
the blame for anything? Then we say we would all collectively 
blame Cleveland, and then it got over to Detroit. 
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As far as I know today, we are really not able to pinpoint what 
in the world happened there. This is probably the most frightening 
part of it to me, that we don’t even know after 2 weeks what hap- 
pened. And you have to ask yourself, if such a benign factor as 
somebody made a mistake somewhere could trigger the largest 
blackout in the history of North America, what in the world could 
we ever do to prevent something that is more malignant against 
us? And that is probably the thing that bothers me the most today. 
We not only don’t know what happened then, we certainly don’t 
know that we have anything in the world to stop anything in the 
future. 

Couple of things we have been trying to do since September 11 
is get a northern border coordinator. Since I have been in Congress 
now 17 years, we concentrate on the troubles of the southern bor- 
der with Mexico. We have always had a great relationship. But a 
billion and a half dollars’ worth of trade crosses that border every 
single day, and it is critical that we do everything we can not only 
to protect it, but to keep it open for trade. And we need a northern 
coordinator there because there are questions my colleagues have 
asked that are terribly important. Nobody knew who to call. All 
they knew is the lights are out, and they were working very hard 
to get them on. I assume they were talking to each other, but it 
was very, very difficult for any of us to know who to call. And I 
am afraid that we are going to get off balance like that again. 

My major concern, and I don’t know whether either of you have 
anything to do with it, but why we can’t get answers as to precisely 
what happened, where we broke down? And the deregulation of 
electricity has been a terrible thing. We forced utilities to divest 
themselves of generation capacity for electricity. The transmission 
lines have been neglected. The prices have gone sky high. The his- 
tory of Montana is replete with it. They had the lowest rates in the 
country until they deregulated. We are about to make some more 
mistakes here in Congress on an energy bill in throwing something 
in that we think might try to solve the problem of the blackout. 

My biggest disappointment is the inability to really have any 
confidence at all in what happened there. While I am sure that it 
was benign, I really believe that, that it could not happen again in 
any given time, and it might give us a sense that we will not be 
able to — whether it was something we had done ourselves — unless 
they came in with bombs or blow up the place. But we can really 
destabilize the harm to this country by having this power grid that 
works well. And I am so impressed by this picture that is making 
the rounds of the United States with the blackout part in the New 
England and the Northeast, just dropped off the face of the Earth. 
And while we — I have a little municipal power plant in the town 
I live in, and we had one old coal-fired plant that went right along 
producing power like it was supposed to do all the time. 

But I think we have come not too far in agreements concerning 
the possibilities. I am more worried about nuclear power, the vul- 
nerability of nuclear plants than I am of the power grid itself. But 
I am not going to be happy first until I know what happened here 
and to have the will in this Congress to fix it, because that is really 
important. There is no import in me asking — you have good con- 
tact. We appreciate what you are doing very much. And if I could 
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ask a personal favor, Mr. Mefford, before you leave, I would like 
to ask you to talk about an incident that happened in my district 
last week. 

Mr. Camp. The gentlewoman’s time has expired. Ms. Jackson-Lee 
may inquire. 

Ms. Jackson-Lee. Thank you very much, Mr. Chairman, and I 
will make a comment. I know that we have — if I might inquire, be- 
cause as I am reading it, it is not listed on the front cover as two 
panels, but I assume we have two panels. 

Let me — I hope I will be able to hear. Let me thank the wit- 
nesses for their presentations and just simply make the point, my 
delay was because we were having hearings on the Columbia 7 
tragedy, and we decided that the important responsibility of Con- 
gress is, one, the accountability question, and then the what hap- 
pened question so we would hope we wouldn’t travel the same jour- 
ney again. 

I also made a comment that is associated with the Homeland Se- 
curity Committee when the Columbia 7 incident happened on Feb- 
ruary 1, the fact that it happened post-9/11, you can imagine the 
thoughts that occurred as related to that incident, whether it was 
an act of terror. The same, I think, came to a lot of our minds with 
this incident dealing with the blackout. So I would hope that this 
committee would proceed with that focus, accountability, without 
shame, because without saying who did it, we can’t help those in 
the future not to do it; and then a pathway, if you will, of how we 
should correct this issue. 

So I would just offer to say to Mr. Black if I could, and maybe 
he could give me this brief answer, is that the approach being 
taken by the government agencies? Will we have a sense of ac- 
countability? And will we also have a pathway as it relates to 
homeland security, the question that we determined — I assume we 
have completed that, and maybe I am premature, that that was not 
an act of terror. Then how do we stand in the way of that? 

Mr. Black. In terms of the blackout and terms of accountability, 
I know from the State Department perspective that we all — all of 
us Americans are looking to — seeking to get a full determination in 
the causes of what happened so this cannot happen again. And for 
additional information I turn it over to Mr. Mefford. 

Mr. Mefford. The FBI is participating with a number of agen- 
cies in an integrated approach to find out what occurred, and clear- 
ly our perspective is the terrorist or criminal perspective; in other 
words, was somebody involved in criminal activity, were there ter- 
rorists involved? That is the scope and extent of our inquiry. To the 
degree we can contribute to the interagency understanding of what 
occurred, we are doing so in that regard. 

Ms. Jackson Lee. I thank you. 

So the accountability and what happened partnership you think 
is a fair one? 

Mr. Mefford. From my perspective, yes. 

Ms. Jackson Lee. I yield back. 

Mr. Camp. Thank you very much. I want to thank our panel. 

Mr. PASCRELL. Could I ask just one more question? 

Mr. Camp. Briefly. 
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Mr. Pascrell. I wanted to ask this before, but time ran out. 
Were there any intelligence operations or communications affected 
by the blackout? 

Mr. Mefford. No, sir, not in the environment in which we are 
active. I can’t speak for the broader Intelligence Community, but 
from the FBI standpoint, no. 

Mr. Pascrell. Your systems operated 100 percent during that 
blackout even in the areas affected? 

Mr. Mefford. To my knowledge, yes. 

Mr. Camp. Again, I want to thank our panel. I appreciate you 
being here and your testimony. And this is a joint hearing, and I 
will turn the gavel over to Mr. Thornberry, who will chair the sec- 
ond part of this hearing. 

Mr. Thornberry. [Presiding.] These witnesses are excused, and 
we would ask the second panel to come up and take your places. 

First let me thank these witnesses for your patience, and I ap- 
preciate very much each of you taking the time to be with us today. 
As with the previous witnesses, we are going to make your full 
statement a part of the record. We are going to ask each of you to 
summarize in 5 minutes your statement and then turn to ques- 
tions. We are going to start with Paul Gilbert, former panel Chair 
on Energy Facilities, Cities and Fixed Infrastructure, for the Na- 
tional Research Council. 

Mr. Gilbert, thank you for being here. You are recognized for 5 
minutes. 

STATEMENT OF PAUL H. GILBERT, FORMER PANEL CHAIR, 

ENERGY FACILITIES, CITIES, AND FIXED INFRASTRUCTURE, 

NATIONAL RESEARCH COUNCIL 

Mr. Gilbert. Thank you, sir. Good afternoon, and thank you, 
Chairmen, and all the members of the committee. 

I am Paul Gilbert. I am a senior officer of Parsons Brinckerhoff 
as well as a member of the National Academy of Engineering, and 
was Chair of the National Research Council panel responsible for 
the chapter on energy systems in the NRC report, Making the Na- 
tion Safer: The Role of Science and Technology in Countering Ter- 
rorism. Copies of that report have been submitted to the sub- 
committee. 

It is a pleasure to come before you today to assist in focusing at- 
tention on the vulnerabilities of our electric power system, includ- 
ing the cyber subsystems and the enormous dependency of our crit- 
ical infrastructure on the electric supply. Over the past decade our 
electric supply system has been tasked to carry ever-increasing 
loads. It has also undergone a makeover from being a highly regu- 
lated, vertically integrated utility to one that is partially deregu- 
lated, far less unified, not so robust and resilient as it was. The 
generation side is essentially deregulated and operating under an 
open market set of conditions. At the same time the transmission 
sector remains fully regulated, but under voluntary compliance re- 
liability rules, resulting in diminished investments in maintenance 
and spare parts and lower reliability. 

Another concern is that in seeking to reduce operating costs, the 
operating companies have installed automated cybercontrollers, or 
SCADA systems, to perform functions that people previously per- 



59 


formed. These open architecture cyber units are an invitation for 
those who would seek to use computer technology to attack the 
grid. 

The in-place electrical utility assets today are typically being op- 
erated at close to the limit of available capacity. In this mode an- 
other characteristic of such complex systems appears. When oper- 
ated near their capacity, these systems are fragile, having little re- 
serve within which to handle power or load fluctuations. When load 
and capacity are out of balance, shutting down becomes the only 
way a system element has to protect itself from severe damage. 
However, the loss of a piece of the grid, let us say a transmission 
line, does not end the problem. A line down takes down with it the 
power that it was transmitting. The connected power plant that 
was producing that power, having no connected load, must also 
shut down. In these highly integrated grids, more lines have imbal- 
ance problems, and more plants sense the capacity limitations and 
they all shut down. The cascading effect spreads rapidly in many 
directions, and in seconds an entire sector of the North American 
grid can be down. And this is what we experienced a few weeks ago 
from an accident, not from an attack. 

The exact same consequences could, however, too easily be pro- 
duced by a terrorist attack from a small, trained team. This was 
the scenario assumed in the Making the Nation Safer report, where 
several critical nodes in the grid were taken out in a well planned 
and executed terrorist attack. The cascading system failures re- 
sulted in regionwide catastrophic consequences. Recovery, in the 
case cited, was estimated to take weeks or months, not hours or 
days, and the damage done to our people and our economy was es- 
timated to be enormous. 

Now, while the report does not speculate in any detail on the ex- 
tended consequences of such an event. I have been asked to do so 
here, and so I offer the following as a personal opinion. Based on 
the critical infrastructure, and because that critical infrastructure 
is so extensively integrated, with power out beyond a day or two 
in our cities, both food and water supplies would soon fail. Trans- 
portation systems would come to a standstill. Wastewater could not 
be pumped. And so we would soon have public health problems. 
Natural gas pressure would decline, and some would lose gas alto- 
gether, very bad news in the winter. Nights would become very 
dark with no lighting, and communications would be spotty or non- 
existent. Storage batteries would have been long gone from the 
stores, if any stores were still open. Work, jobs, employment, busi- 
ness and economic activity would be stopped. Our economy would 
take a major hit. All in all our cities would not be very nice places 
to be. Some local power generators such as at hospitals would get 
back up, and so there would be islands of light in the darkness. 
Haves and have-nots would get involved. It would not be a very 
safe place to be either. Martial law would likely follow, along with 
emergency food and water supply relief. 

At our core we would rally and find ways to get by while the sys- 
tems are being repaired. In time the power would start to come 
back, tentatively at first, with rolling blackouts, and then in all its 
glory. Several weeks to months would have passed, and the enor- 
mous recovery and clean-up would begin. This is simply one per- 
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son’s view, but based upon a fairly in-depth understanding of the 
critical interdependency of our infrastructure. 

Chapter 6 of the Making the Nation Safer report addresses ac- 
tions that are designed to minimize or control the vulnerabilities 
that exist in the electric power system. Those recommendations 
that were made some 15 months ago are as on point today as they 
were then. In some cases actions have been initiated. The blackout 
last month drew attention to the areas of critical infrastructure 
need and to the frightening dependence we have on power supplies. 

We at the Academies are committed to continue to contribute our 
efforts to effectively resolve these issues. Thank you for inviting me 
today and for your leadership in holding these hearings, and I will 
be happy to answer any questions. 

Mr. Thornberry. Thank you. 

[The statement of Mr. Gilbert follows:] 

PREPARED STATEMENT OF PAUL H. GILBERT 

Good afternoon, Chairman Thornberry, Chairman Camp, and members of the 
Subcommittees. My name is Paul Gilbert. I am an officer and director emeritus of 
Parsons Brinckerhoff, Inc. I am also a member of the National Academy of Engi- 
neering and was Chair of the National Research Council Panel responsible for the 
Chapter on Energy Systems for the NRC Branscomb-Klausner Report, Making the 
Nation Safer: The Role of Science and Technology in Countering Terrorism. Copies 
of this report have been submitted to the subcommittees. As you know, the NRC 
is the operating arm of the National Academy of Sciences, National Academy of En- 
gineering and the Institute of Medicine, chartered in 1863, to advise the government 
on matters of science and technology. The subject report was the product of the mo- 
bilized academies following the 9/11 attacks. Some 130 volunteers from every branch 
of science, engineering and medicine assembled to undertake this work on an urgent 
basis with the report production financed entirely with private funds of the Acad- 
emies. The report was first presented in June of 2002. It is a pleasure to come be- 
fore you today to assist in focusing attention on the vulnerabilities of our Electric 
Power Systems, including their cyber sub systems, and the enormous dependence 
of other critical infrastructure on the electric supply. 

Our basic infrastructure systems include our electric power, food, and water sup- 
plies, waste disposal, natural gas, communications, transportation, petroleum prod- 
ucts, shelter, employment, medical support and emergency services, and facilities to 
meet all our basic needs. These are a highly integrated, mutually dependent, heavily 
utilized mix of components that provide us with vitally needed services and life sup- 
port. While all these elements are essential to our economy and our well being, only 
one has the unique impact, if lost, of causing all the others to either be seriously 
degraded or completely lost. And that, of course, is electric power. Our technically 
advanced society is literally hard wired to a firm, reliable electric supply. 

Over the past decade, that electric supply system has been tasked to carry ever- 
greater loads (power demands). It has also undergone a makeover from being a 
highly regulated, vertically integrated utility industry to one that is partially de- 
regulated, far less unified, and not so robust and resilient as it was. The generation 
side is essentially deregulated and operating under an open market set of conditions 
where competitive price, low operating costs and return on investment are rewarded 
with profits and bonuses. Applicable regulations are broad and not consistent state 
to state. At the same time the transmission sector remains fully regulated but under 
voluntary compliance reliability rules. Reported uneven voluntary compliance with 
reliability rules and diminishing investments in maintenance and spare parts by the 
transmission companies have pointed to the need for the legislation pending which 
intends to make mandatory the rules for transmission operations. This result is 
clearly a necessity for our national safety. 

Another concern is that in seeking to reduce operating costs, operating companies 
have installed SCADA units and LANs, automated cyber controllers, to perform 
functions that people previously performed. These open architecture cyber units are 
an invitation for those who would seek to use computer technology to attack the 
grid. 

The dramatic changes described have played out with the result that the in-place 
electrical system assets today are, of necessity, typically being operated very effi- 



61 


ciently at close to the limit of available capacity. In this mode, another char- 
acteristic of such complex systems appears. When operated near their capacity, 
these systems are fragile, having little reserve within which to handle power or load 
fluctuations. When load and capacity are out of balance, shutting down becomes the 
only way a system element has to protect itself from severe damage. However, the 
loss of a piece of the grid, a section of transmission line, does not end the problem. 
The line down takes with it the power it was transmitting. A connected power plant 
that was producing that power, having no connected load, must also shut down. In 
these highly integrated grids, more lines have imbalance problems and more plants 
sense capacity limitations and so they also shut down. This cascading failure 
spreads rapidly in many directions and in seconds, an entire sector of the North 
American grid can be down. We had a living example of this event, last month, 
caused by an accident. We were fortunate to see the power return in so short a time. 

The exact same consequences could too easily be reproduced by a terrorist attack 
from a small trained team. This was the scenario assumed in the Making the Na- 
tion Safer report where several critical nodes in the grid were taken out in a well 
planned and executed terrorist attack. The cascading system failures resulted in re- 
gion-wide catastrophic consequences. Recovery, in the case cited, was estimated to 
take weeks or months, not hours or days, and the damage done to our people and 
our economy was estimated to be enormous. 

While the report does not speculate in any detail on the extended consequences 
of such an event, I have been asked to do so here, and so offer the following as a 
personal opinion. Because our critical infrastructure is so very integrated, with 
power out beyond a day or two, both food and water supply would soon fail. Trans- 
portation systems would be at a standstill with no power to pump the fuels. Waste- 
water could not be pumped away and so would become a health problem. In time 
natural gas pressure would decline and some would lose gas altogether. Nights 
would be very dark, and communications would be spotty or non-existent. Storage 
batteries would have been long gone from the stores, if any stores were open. Work, 
jobs, employment, business and economic activity would be stopped. Our economy 
would take a major hit. All in all, our cities would not be very nice places to be. 
Some local power generators and grids would get back up and so there would be 
islands of light in the darkness. “Haves” and “have-nots” would get involved. It 
would not be a very safe place to be either. Marshal law would likely follow along 
with emergency food and water supply relief. At our core, we would rally and find 
ways to get by while the system is being repaired. In time, the power would start 
to come back, tentatively at first, with rolling blackouts, and then in all its glory. 
Several weeks to months would have passed, and the enormous clean up and recov- 
ery would begin. This is one person’s opinion, based on an understanding of this 
highly dependent infrastructure system. 

We have the means to limit the kind of disaster that has been speculated upon 
above. The recommendations provided in Chapter 6 of the report address actions 
that are designed to minimize or control the immediate vulnerabilities that exist in 
the electric power systems and then to seek longer-term, more permanent solutions. 
Those recommendations are as on-point today as they were when published 15 
months ago. In some cases actions have been initiated along the lines recommended. 
To paraphrase key points: 

• Immediate attention is needed to mobilize the leadership, and then the re- 
sources of people and organizations to first determine the proper roles for each 
interested party, and then to come together, meet and develop needed plans. 
Some of this recommendation has been achieved. 

• Issues that deter open discussions among the private and governmental par- 
ties need to be quickly resolved. These include matters of antitrust, liability and 
FOIA. 

• Review by government of the institutional and market settings for the indus- 
try (regulated, deregulated, and open free market) need attention to refocus the 
included incentives on what the nation needs to live safely. 

• Tools now employed by the military to analyze facility vulnerabilities should 
be mobilized for use on the grids, perhaps by transferring them to DHS. 

• Coordinated studies are indicated to identify the most critical equipment in 
the respective power systems and to describe the protective measures to be 
taken with each. Some progress has been reported here. 

• For these highly complex grids, simulation models that are capable of identi- 
fying points of greatest vulnerability and transmission reserves remaining in 
critical sections of the grid are needed. 

• Statutory action is indicated to allow recovery crews to immediately enter 
what would then be a crime scene following an attack to quickly commence the 
work of repair, recovery, and restoration of service. 
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• Regulatory bodies must be encouraged to find the means for transmission or- 
ganizations to define costs for counter terrorism improvements and for recov- 
ering those costs from their operations or from other sources. 

• The use of SCADA systems in unprotected configurations should be ad- 
dressed, and expert advice obtained regarding the options available to correct 
the vulnerabilities now present. 

• Research is indicated that addresses particular critical system equipment 
needs. First among the list is the potential value of modular universal EHV 
transformers to support rapid grid recovery. 

• For the longer term, research is needed to determine the equipment, tech- 
nology and processes required for transition our grid systems to become smart 
grids, intelligent, adaptive power grids. 

There is more substance and detail in Chapter 6 of the referenced report. The un- 
fortunate black out last month has drawn important attention to this area of critical 
infrastructure need and to the frightening dependence we have on our power sup- 
plies. We at the Academies are committed to continue to contribute to the efforts 
to effectively resolve these issues. 

Thank you for inviting me today and for your leadership in holding these hear- 
ings. I will be happy to respond to your questions. 

Mr. Thornberry. And a copy of that report from the National 
Research Council has already been made available to each member 
of the subcommittee. So we thank you. 

Our next witness is Peter Orszag, senior fellow from the Brook- 
ings Institution. You are recognized for 5 minutes. 

STATEMENT OF PETER R. ORSZAG, Ph.D., JOSEPH A. PECHMAN 
SENIOR FELLOW, BROOKINGS INSTITUTION 

Mr. Orszag. Thank you very much for the opportunity to appear 
before you this afternoon. 

The blackout of 2003 has underscored concerns about the vulner- 
ability of our Nation’s critical infrastructure to both accidents and 
deliberate attack, providing an immediate connection to the Na- 
tion’s homeland security efforts. But the blackout may offer a deep- 
er lesson. A common explanation for the problems facing the elec- 
tricity system is that private firms have had inadequate incentives 
to invest in distribution lines. 

An important point is that market incentives are extremely pow- 
erful, but for that very reason it is essential that they be struc- 
tured properly. As the FERC Chairman has put it, we cannot sim- 
ply let markets works, we must make markets work. 

In the context of homeland security, we simply can’t let markets 
work either. They won’t. So we have to make them work. We have 
to change the structure of incentives facing private firms so market 
forces are directed towards reducing the cost of achieving a given 
level of security instead of providing a lower level of security than 
is warranted. Given the significance of the private sector in home- 
land security settings, this task is critical. 

To be sure, private firms do have some incentive to avoid the di- 
rect financial losses associated with a terrorist attack on their fa- 
cilities or operations. In general, however, and despite claims to the 
contrary made by many homeland security officials, that incentive 
is not compelling enough to encourage the appropriate level of se- 
curity and therefore must be supplemented with stronger market- 
based incentives to increase the level of security. 

My written testimony provides several reasons for why private 
markets by themselves do not generate sufficient incentives for in- 
vestments in homeland security. As just one example, consider the 
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effect of bankruptcy laws. Such bankruptcy laws limit the corporate 
and individual financial exposure to the losses from an attack and 
can thereby attenuate the incentives to protect against attacks, es- 
pecially in the context of catastrophic failures of network systems 
that can cause losses that far exceed the net worth of any indi- 
vidual company. 

The general conclusion is that we just can’t leave it up to the 
market in protecting ourselves against terrorist attacks. The mar- 
ket has an important role to play. Government intervention in 
some form and in some markets will be necessary to fashion the 
appropriate response to the threat of terrorism. 

Now, the need for government intervention in some cases and 
some markets doesn’t tell you how the government should inter- 
vene or precisely when. And in my written testimony I do provide 
some guidelines for when intervention is appropriate, and also 
point to a model that I think is the most auspicious in terms of 
being cost-effective, at least over the longer term, which combines 
some minimal level of regulation and an insurance requirement 
and third-party inspections. Under this system, the government 
would set some level of security regulations for private firms and 
then mandate the purchase of antiterrorism insurance. Private in- 
surance firms would then provide incentives for safer behavior by 
offering premium reductions to firms that improve their security. 
And third-party auditors would help insurance firms make sure 
that the insured firms are actually doing what they are saying they 
are doing, and also helping ensure that the minimum level of gov- 
ernment regulations are being met without a huge government bu- 
reaucracy. 

A mixed regulatory insurance system similar to this is already 
applied in many other sectors, such as owning a car or a house. 
Consider your house. There are local building codes that regulate 
the structure of that house. That is a regulatory approach. But in 
general, when you go to get a mortgage, you also have to have in- 
surance, and insurance firms provide incentives for going beyond 
the minimum level of the building code. If you put in a security 
system, you will get a premium break for doing so. So the insur- 
ance firm is providing you an incentive to have a safer house than 
the minimum regulatory standard would suggest. 

And I offer other examples that already exist. This sort of mixed 
system of minimum standards coupled with an insurance mandate 
can not only encourage private firms to act more safely, but can 
also provide incentives for innovation to reduce the cost of achiev- 
ing a given level of security over time, and I think that is particu- 
larly important in the homeland security context. It also has the 
advantage of being flexible also, an important attribute in an envi- 
ronment in which threats are evolving. 

Studies have shown how such a program could be implemented 
in practice. In Delaware and Pennsylvania, the State departments 
of environmental protection have worked closely with the insurance 
industry to test-pilot this type of approach with regard to making 
chemical facilities safer not against terrorist attacks, but safer 
against accidents, and I think that this basic model could be ap- 
plied in many homeland security settings. 
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In conclusion, this typed of mixed system of minimum regulatory 
standards, insurance and third-party inspections could harness 
market forces to provide homeland security in a cost-effective way. 
Of course, this approach can and should be supplemented or re- 
placed when there is evidence that other approaches would be more 
efficient. 

But my important bottom line is that we cannot simply assume 
that the market will ensure that we are adequately — and by “we,” 
I mean our private facilities and operations which are so critical to 
our economy — are adequately protected against attack. They won’t. 
We have to make markets work better than they would in the ab- 
sence of government intervention. 

Thank you very much, Mr. Chairman. 

Mr. Thornberry. Thank you very much. I appreciate it. 

[The statement of Mr. Orszag follows:] 

PREPARED STATEMENT OF PETER R. ORSZAG 1 , Ph.D., JOSEPH A. PECHMAN 

SENIOR FELLOW IN ECONOMIC STUDIES, THE BROOKINGS INSTITUTION 

The blackout of 2003 has underscored concerns about the vulnerability of our na- 
tion’s critical infrastructure to both accidents and deliberate attack, providing an 
immediate connection to the nation’s homeland security efforts. But the blackout 
may offer a deeper lesson beyond the vulnerability of the nation’s electricity grid to 
terrorist attack. In particular, a common explanation for the problems facing the 
electricity system is that private firms have had inadequate incentives to invest in 
distribution lines. 

The important point is that market incentives are extremely powerful. For that 
very reason, however, it is essential that they be structured properly. As Patrick 
Wood, chairman of the Federal Energy Regulatory Commission, has put it: “We can- 
not simply let markets work. We must make markets work.” 2 

In homeland security, private markets do not automatically produce the best re- 
sult. We must therefore alter the structure of incentives so that market forces are 
directed toward reducing the costs of providing a given level of security for the na- 
tion, instead of providing a lower level of security than is warranted. Given the sig- 
nificance of the private sector in homeland security settings, structuring incentives 
properly is critical. 

To be sure, private firms currently have some incentive to avoid the direct finan- 
cial losses associated with a terrorist attack on their facilities or operations. In gen- 
eral, however, that incentive is not compelling enough to encourage the appropriate 
level of security — and should therefore be supplemented with stronger market-based 
incentives in several sectors. 

My testimony argues that: 

• Private markets, by themselves, do not provide adequate incentives to invest 
in homeland security, and 

• A mixed system of minimum regulatory standards, insurance, and third-party 
inspections would better harness the power of private markets to invest in 
homeland security in a cost-effective manner. 

Incentives for homeland security in private markets 

Private markets by themselves do not generate sufficient incentives for homeland 
security for seven reasons: 

• Most broadly, a significant terrorist attack undermines the nation’s sov- 
ereignty, just as an invasion of the nation’s territory by enemy armed forces 
would. The costs associated with a reduction in the nation’s sovereignty or 


1 The views expressed here do not necessarily represent those of the staff, officers, or board 
of the Brookings Institution. I thank Michael O’Hanlon, Ivo Daalder, I.M. Destler, David Gun- 
ter, Robert Litan, and Jim Steinberg for the joint work upon which this testimony draws, Emil 
Apostolov for excellent research assistance, and Howard Kunreuther for helpful comments. For 
related details, see Protecting the American Homeland: One Year On (Brookings Institution 
Press: 2003). Also see Howard Kunreuther, Geoffrey Heal, and Peter Orszag, “Interdependent 
Security: Implications for Homeland Security Policy and Other Areas,” Policy Brief #108, Brook- 
ings Institution, October 2002, and Howard Kunreuther and Geoffrey Heal, “Interdependent Se- 
curity,” Journal of Risk and Uncertainty 26: 231-249 (March/May 2003). 

2 Quoted in David Wessel, “A Lesson from the Blackout: Free Markets Also Need Rules,” Wall 
Street Journal, August 28, 2003. 
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standing in the world may be difficult to quantify, but are nonetheless real. In 
other words, the costs of the terrorist attack extend well beyond the immediate 
areas and people affected; the attack imposes costs on the entire nation. In the 
terminology of economists, such an attack imposes a “negative externality.” The 
presence of this negative externality means that private markets will undertake 
less investment in security than would be socially desirable: Individuals or 
firms deciding how best to protect themselves against terrorism are unlikely to 
take the external costs of an attack fully into account, and therefore will gen- 
erally provide an inefficiently low level of security against terrorism on their 
own . 3 Without government involvement, private markets will thus typically 
under-invest in anti-terrorism measures . 4 

• Second, a more specific negative externality exists with regard to inputs into 
terrorist activity. For example, loose security at a chemical facility can provide 
terrorists with the materials they need for an attack. Similarly, poor security 
at a biological laboratory can provide terrorists with access to dangerous patho- 
gens. The costs of allowing terrorists to obtain access to such materials are gen- 
erally not borne by the facilities themselves: the attacks that use the materials 
could occur elsewhere. Such a specific negative externality provides a compel- 
ling rationale for government intervention to protect highly explosive materials, 
chemicals, and biological pathogens even if they are stored in private facilities. 
In particular, preventing access to such materials is likely to reduce the overall 
risk of catastrophic terrorism, as opposed to merely displacing it from one venue 
to another. 

• Third, a related type of externality involves “contamination effects.” Contami- 
nation effects arise when a catastrophic risk faced by one firm is determined 
in part by the behavior of others, and the behavior of these others affects the 
incentives of the first firm to reduce its exposure to the risk. Such inter- 
dependent security problems can arise, for example, in network settings. The 
problem in these settings is that the risk to any member of a network depends 
not only on its own security precautions but also on those taken by others. Poor 
security at one establishment can affect security at others. The result can often 
be weakened incentives for security precautions . 5 For example, once a hacker 
or virus reaches one computer on a network, the remaining computers can more 
easily be contaminated. This possibility reduces the incentive for any individual 
computer operator to protect against outside hackers. Even stringent cyber-se- 
curity may not be particularly helpful if a hacker has already entered the net- 
work through a “weak link.” 

• A fourth potential motivation for government intervention involves informa- 
tion — in particular, the cost and difficulty of accurately evaluating security 
measures. For example, one reason that governments promulgate building codes 
is that it would be too difficult for each individual entering a building to evalu- 
ate its structural soundness. Since it would also be difficult for the individual 
to evaluate how well the building’s air intake system could filter out potential 
bio-terrorist attacks, the same logic would suggest that the government should 
set minimum anti-terrorism standards for buildings if there were some reason- 


3 It is also possible, at least in theory, for private firms to invest too much in anti-terrorism 
security. In particular, visible security measures (such as more uniformed guards) undertaken 
by one firm may merely displace terrorist attacks onto other firms, without significantly affect- 
ing the overall probability of an attack. In such a scenario, the total security precautions under- 
taken can escalate beyond the socially desirable levels — and government intervention could theo- 
retically improve matters by placing limits on how much security firms would undertake. 
Unobservable security precautions (which are difficult for potential terrorists to detect), on the 
other hand, do not displace vulnerabilities from one firm to another and can at least theoreti- 
cally reduce the overall level of terrorism activity. For an interesting application of these ideas 
to the Lojack automobile security system, see Ian Ayres and Steven Levitt, “Measuring Positive 
Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack,” Quarterly 
Journal of Economics, Vol. 108, no. 1 (February 1998). For further analysis of evaluating public 
policy in the presence of externalities, see Peter Orszag and Joseph Stiglitz, “Optimal Fire De- 
partments: Evaluating Public Policy in the Face of Externalities,” Brookings Institution Working 
Paper, January 2002. 

4 The Coase theorem shows that under very restrictive conditions, the negative externality can 
be corrected by voluntary private actions even if the role of government is limited to enforcing 
property rights. But the Coase theorem requires that all affected parties are able to negotiate 
at sufficiently low cost with each other. Since virtually the entire nation could be affected indi- 
rectly by a terrorist attack, the costs of negotiation are prohibitive, making the Coase theorem 
essentially irrelevant in the terrorism context. 

5 See Howard Kunreuther and Geoffrey Heal, “Interdependent Security,” Journal of Risk and 
Uncertainty 26: 231-249 (March/May 2003), and Howard Kunreuther, Geoffrey Heal, and Peter 
Orszag, “Interdependent Security: Implications for Homeland Security Policy and Other Areas,” 
Policy Brief #108, Brookings Institution, October 2002. 
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able threat of a terrorist attack on the relevant type of buildings (so that the 
individual would have some interest in ensuring that the building were pro- 
tected against biological attack). Similarly, it would be possible, but inefficient, 
for each individual to conduct extensive biological anti-terrorism safety tests on 
the food that he or she was about to consume. The information costs associated 
with that type of system, however, make it much less attractive than a system 
of government regulation of food safety. 

• The fifth justification for government intervention is that corporate and indi- 
vidual financial exposures to the losses from a major terrorist attack are inher- 
ently limited by the bankruptcy laws. For example, assume that there are two 
types of possible terrorist attacks on a specific firm: A very severe attack and 
a somewhat more modest one. Under either type of attack, the losses imposed 
would exceed the firm’s net assets, and the firm would declare bankruptcy — and 
therefore the extent of the losses beyond that which would bankrupt the firm 
would be irrelevant to the firm’s owners. Since the outcome for the firm’s own- 
ers would not depend on the severity of the attack, the firm would have little 
or no incentive to reduce the likelihood of the more severe version of the attack 
even if the required preventive steps were relatively inexpensive. From society’s 
perspective, however, such security measures may be beneficial — and govern- 
ment intervention can therefore be justified to address catastrophic possibilities 
in the presence of the bankruptcy laws. 

• The sixth justification for government intervention is that the private sector 
may expect the government to bail it out should a terrorist attack occur. The 
financial assistance to the airline industry provided by the government fol- 
lowing the September 11th attacks provides just one example of such bailouts. 
Such expectations create a “moral hazard” problem: private firms, expecting the 
government to bail them out should an attack occur, do not undertake as much 
security as they otherwise would. If the government cannot credibly convince 
the private sector that no bailouts will occur after an attack, it may have to 
intervene before an attack to offset the adverse incentives created by the expec- 
tation of a bailout. 

• The final justification for government intervention involves incomplete mar- 
kets. The most relevant examples involve imperfections in capital and insurance 
markets. For example, if insurance firms are unable to obtain reinsurance cov- 
erage for terrorism risks (that is, if primary insurers are not able to transfer 
some of the risk from terrorism costs to other insurance firms in the reinsur- 
ance market), some government involvement may be warranted. In addition, 
certain types of activities may require large-scale coordination, which may be 
possible but difficult to achieve without governmental intervention. 

The relative strength of these potential justifications for government intervention 
varies from case to case. Furthermore, the benefits of any government intervention 
must be weighed against the costs of ineffective or excessively costly interventions — 
that is, that the government intervention may do more harm than good. Even if an 
omniscient government could theoretically improve homeland security in a manner 
that provides larger benefits than costs, it is not clear that real-world govern- 
ments — suffering from political pressures, imperfect information, and skewed bu- 
reaucratic incentives — would. The potential for government failure depends on the 
characteristics of the particular government agency and the sector involved. For ex- 
ample, it seems plausible that government failure is a particular danger in innova- 
tive and rapidly evolving markets. 6 

Both the need for government intervention and the potential costs associated with 
it thus vary from sector to sector, as should the policy response. Government inter- 
vention will generally only be warranted in situations in which a terrorist attack 
could have catastrophic consequences. Nonetheless, the general conclusion is that 
we can’t just “leave it up to the market” in protecting ourselves against terrorist 
attacks. The market has an important role to play, but government intervention in 
some form and in some markets will be necessary to fashion the appropriate re- 
sponse to the threat of terrorism. 

Modifying incentives for the private sector to invest in homeland security 

The need for some sort of government intervention to protect private property and 
activities against terrorism does not determine how or in which situations the gov- 


6 As the great British economist Alfred Marshall emphasized, “A Government could print a 
good edition of Shakespeare’s works, but it could not get them written. . .Every new extension 
of Governmental work in branches of production which need ceaseless creation and initiative 
is to be regarded as prima facie anti-social, because it retards the growth of that knowledge and 
those ideas which are incomparably the most important form of collective wealth.” Alfred Mar- 
shall, “The Social Possibilities of Economic Chivalry,” Economic Journal, 1907, pages 7—29. 
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ernment should intervene. The various tools that the government could employ, fur- 
thermore, will likely determine how costly the intervention will be, as well as who 
will bear those costs. For example, to improve safety in commercial buildings, the 
government could: 

• Impose direct regulation: The Federal government could require that certain 
anti-terrorist features be included in any commercial or public building . 7 

• Require insurance: The Federal government could require every commercial 
or public building to carry insurance against terrorism, much as state govern- 
ments now typically require motorists to carry some form of auto liability insur- 
ance . 8 The logic of such a requirement is that insurance companies would then 
provide incentives for buildings to be safer. 

• Provide a subsidy for anti-terrorism measures: The Federal government could 
provide a subsidy — through direct government spending or through a tax incen- 
tive — for investing in anti-terrorism building features or for other steps to pro- 
tect buildings against attacks. 

More broadly, each of the various approaches for minimizing the dangers and po- 
tential damages related to terrorism likely entails a different level of aggregate 
costs, and also a different distribution of those costs across sectors and individuals . 9 
Direct regulation 

The principal benefit of a direct regulatory approach is that the regulatory stand- 
ard provides a minimum guarantee regarding anti-terrorism protection, assuming 
the regulations are enforced . 10 For example, if skyscrapers are natural targets for 
terrorists, requiring security measures in such buildings accomplishes two goals: 

• First, it ensures that the buildings are better protected against attack. 

• Second, it raises the costs of living in skyscrapers and therefore discourages 
people from living there — which may be appropriate as a means of diminishing 
the nation’s exposure to catastrophic attack, given the buildings’ assumed 
attractiveness to terrorists. 

There are, however, also downsides to direct regulation: 

• First, the minimum regulatory threshold may be set at an inappropriate 
level . 11 

• Second, a regulatory approach, especially one that reflects a “command and 
control” system rather than market-like incentives, can be an unnecessarily ex- 
pensive mechanism for achieving a given level of security . 12 Such an approach 


7 Although building codes traditionally fall within the jurisdiction of local governments, the 
Americans with Disabilities Act (ADA) mandated changes in buildings. A precedent therefore 
exists for Federal pre-emption of local building codes. It should be noted that the ADA does not 
directly affect existing building codes. But the legislation requires changes in building access 
and permits the Attorney General to certify that a State law, local building code, or similar ordi- 
nance “meets or exceeds the minimum accessibility requirements” for public accommodations 
and commercial facilities under the ADA. Such certification is considered “rebuttable evidence” 
that the state law or local ordinance meets or exceeds the minimum requirements of the ADA. 

8 The McCarren-Ferguson Act delegates insurance regulation to the states. The Federal gov- 
ernment could nonetheless effectively impose an insurance mandate either by providing strong 
incentives to the states to adopt such a mandate, or perhaps by mandating that all commercial 
loans from a federally related financial institution require the borrower to hold such insurance. 

9 In theory, the different approaches to implementing a security measure could be separated 
from how the costs of the measure were financed — for example, firms adhering to regulatory 
standards could be reimbursed by the Federal budget for their costs. In practice, however, the 
method of implementation often implies a method of financing: the cost of regulations will be 
borne by the producers and users of a service, and the cost of a general subsidy will be borne 
by taxpayers as a whole. In evaluating different implementation strategies, financing implica- 
tions must therefore be taken into account. 

10 Fines could be adopted as part of the regulatory system to ensure compliance with min- 
imum standards for preventative measures. 

11 In other words, an anti-terrorism standard for, say, athletic arenas could impose an exces- 
sively tight standard (which would involve unnecessary costs) or an excessively loose standard 
(which would involve insufficient protection against terrorist threats). 

12 For example, in the environmental context, placing the same limit on emissions of harmful 
substances by all firms or individuals ignores the differences in costs of preventing pollution. 
That is why economists have long advocated market-based approaches to emission reductions, 
such as a permit trading system (which is currently in place for sulfur dioxide emissions) or 
a tax on emissions. Either market-based approach to regulation can achieve the same level of 
environmental protection at lower overall cost than a regulatory approach because it encourages 
those who can most cheaply control pollution do so (to avoid paying for the permit or the tax). 
A key requirement for a permit trading system or a tax, however, is some system for measuring 
“outcomes,” such as the monitoring of pollution emitted by parties subject to the tax or partici- 
pating in the system. In the context of anti-terrorism measures, the appropriate metric would 
be related to the expected loss from a terrorist attack. Yet it is difficult to see how such expected 
losses could be quantified and thus provide the basis for a permit trading system or a tax. 
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may be particularly inefficient because of the substantial resources required to 
enforce the regulations. 

• Third, the regulatory approach does not generally provide incentives for inno- 
vation. Firms would have an incentive to meet the minimum regulatory stand- 
ard, but little incentive to exceed it. Indeed, depending on how it is written, reg- 
ulation may impede innovation in finding new (and less costly) approaches to 
improving protection against terrorism, especially if the rules are of the stand- 
ard “command and control” variety. 

These costs of regulation can be reduced, although not eliminated, through careful 
attention to the design of the regulations. In particular, the more regulations focus 
on outcomes and performance, rather than specific inputs, the better. For example, 
a regulation affecting an indoor athletic arena could state that the arena’s air ven- 
tilation system must be able to contain a given type of bio-terrorist attack within 
a specific amount of time, rather than that the system must include specific devices. 
Compliance with the performance-based regulation can then be tested regularly by 
government inspectors or third-party auditors. Such a performance-oriented set of 
regulations provides at least some incentive for firms to design and implement less 
expensive mechanisms for achieving any given level of security. 

Insurance requirement 

An insurance requirement is a possible alternative to direct government regula- 
tion . 13 At first glance, an insurance requirement may seem counterproductive: 
Firms and individuals who have insurance against terrorism would appear to lack 
incentives to take appropriate precautions against an attack. However, where such 
insurance is available, it typically comes with provisions (such as a deductible) to 
ensure that the insured bear at least some of the cost of an attack, and thus have 
an economic incentive to avoid such attacks or minimize their consequences. Fur- 
thermore, and perhaps more importantly, the insurance companies themselves have 
an incentive to encourage risk-reducing activities . 14 Insurance firms could provide 
incentives for measures that reduce the exposure of buildings to terrorist attack 
(such as protecting or moving the air intake), or that reduce the likelihood of a suc- 
cessful cyber-attack on a computer system or intranet (such as improved firewalls 
and more advanced encryption). 

An insurance requirement is clearly not a panacea, however. One issue is the de- 
gree to which the insurance market would discriminate among terrorism risks (or 
would be allowed to do so by regulators). For example, consider the higher risks for 
such “iconic” structures as the World Trade Center, tbe Empire State building, and 
other tall structures elsewhere in the country. If insurers are not restricted by gov- 
ernment policy from charging appropriately risk-related premiums, insurance mar- 
kets will discourage the construction of such potential terrorist targets in the future. 
Such an outcome may be efficient in the sense of reducing potential exposure to ter- 
rorist attacks, but it may have other social costs. 

In evaluating the effects of variation in insurance premiums, a distinction should 
be drawn between existing buildings and new construction. Tbe owners of existing 
buildings likely did not anticipate the terrorist threat when the buildings were con- 
structed. Any additional costs on such existing buildings would reduce their market 
values, imposing capital losses on their owners. Some may not view this outcome 
as fair: it effectively imposes higher costs on the owners (or occupants) of an existing 
building to address a threat that was largely unexpected when the buildings were 
constructed. Others may view the outcome as eminently fair, since the alternative 
would be to have the population as a whole effectively provide a subsidy to the own- 
ers of prominent buildings . 15 For new construction, the case for differentiated insur- 
ance premiums is stronger, since the prospective owners are now aware of the 


13 The insurance requirement would complement the use of the liability system to encourage 
protective measures: Insurance coverage would be relatively more important in the context of 
large liability exposures. 

14 By similar reasoning, insurers should not be able to use genetic information to discriminate 
in rates charged for health coverage since individuals cannot control their genetic makeup. 

15 Failing to allow insurance firms to discriminate across risks in pricing policies could also 
induce “cherry-picking” of the lowest risks by the insurance firms and make it difficult for the 
higher risks to obtain the insurance from any firm. It is worth noting that in the United King- 
dom, a government-sponsored mutual insurance organization, Pool Re, provides anti-terrorism 
insurance. The rates vary by location, with the highest in Central London and the lowest in 
rural parts of Scotland and Wales. See Howard Kunreuther, “The Role of Insurance in Man- 
aging Extreme Events: Implications for Terrorism Coverage” Business Economics April 2002 For 
further analysis of the Pool Re and other programs abroad, see General Accounting Office, “Ter- 
rorism Insurance: Alternative Programs for Protecting Insurance Consumers,” GAO-02-199T, 
October 24, 2001, and Congressional Budget Office, “Federal Reinsurance for Terrorism Risks,” 
October 2001. 
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threat of attack and since differentiated premiums could play an important role in 
encouraging safer designs of prominent buildings. 

Another potential problem with an insurance approach involves the capacity of in- 
surers to price the insurance and provide incentives for specific anti-terrorism steps. 
If government regulators find it difficult to undertake comparative benefit analysis 
in fighting terrorism, it is likely that private insurers would face similar chal- 
lenges — especially in the face of network effects. The problem is exacerbated by the 
absence of solid actuarial information on the risks involved, which in turn reflects 
the nation’s good fortune thus far in not being exposed to a large number of terrorist 
attacks. Nonetheless, as the Congressional Budget Office has noted, “Not every new 
risk has proved to be uninsurable. For example, the changing legal environment for 
product liability, which makes predicting losses difficult, has affected how insurers 
manage such risks, but it has not resulted in insurers’ dropping all product liability 
coverage. Rather it has produced a combination of more restricted coverage, shared 
responsibility, and modifications in producers’ behavior .” 16 

Perhaps most fundamentally, an insurance system won’t work if insurers won’t 
offer the insurance or offer it only at extremely high prices relative to their under- 
lying actuarial models, or if firms are not required to purchase the insurance and 
don’t see a need for it. Some economists and market observers have raised impor- 
tant questions about whether capital market imperfections impede the ability of in- 
surers to provide coverage against catastrophic risks, such as those involved in ter- 
rorist activities . 17 A particular concern involves reinsurance: the transfer of risk 
from the primary insurance company to another entity. Rather than maintaining 
high reserves to meet the potential costs of extreme events, primary insurance firms 
buy reinsurance from other firms. The reinsurance covers at least part of a severe 
loss, attenuating the risks faced by the primary insurers. To ensure that primary 
insurers continue to cover terrorism risks, the Federal government has provided ter- 
rorism reinsurance. A temporary Federal program makes sense; over time, as new 
approaches to spreading the financial risks associated with anti-terrorism insurance 
develop, the need for any government reinsurance program could be reduced . 18 A 
substantial flaw with the current reinsurance program, though, is that no fee is im- 
posed. A better approach to federal reinsurance would have the government share 
the risk, but also the premiums, from primary terrorism insurance . 19 

Despite these potential problems, it is plausible that a broader system of anti-ter- 
rorism insurance could develop over the medium to long term, and thereby play a 
crucial role in providing incentives to private-sector firms to undertake additional 
security measures when such steps are warranted given the risk of a terrorist at- 
tack (at least as viewed by the insurance firm). 

Subsidies for anti-terrorism measures 

A third form of government intervention would take the form of subsidies for anti- 
terrorism measures undertaken by private actors. Subsidies could affect firm behav- 
ior, and (if appropriately designed) provide some protection against terrorist threats. 
Subsidies, however, carry four dangers: 

• First, they can encourage unnecessarily expensive investments in security 
measures (or “gold plating ”). 20 

• Second, a subsidy approach would likely spark intensive lobbying efforts by 
firms to capture the subsidies — which not only dissipates resources that could 


16 CBO also notes that private insurers in Israel provide some anti-terrorism coverage {involv- 
ing indirect losses such as the costs of business interruptions from terrorist attacks). Congres- 
sional Budget Office, “Federal Reinsurance for Terrorism Risks,’ October 2001. 

17 See, for example, Kenneth Froot, “The Market for Catastrophic Risk: A Clinical Examina- 
tion,” NBER Working Paper 8110, February 2001. 

18 For alternatives to a federal reinsurance program, see J. Robert Hunter, “How the Lack of 
Federal Back Up for Terrorism Insurance Affected Insurers and Consumers: An Analysis of 
Market Conditions and Policy Implications,” Consumer Federation of America, January 23, 
2002 . 

19 See, for example, David Moss, Testimony before the U.S. Senate Committee on Commerce, 
Science, and Transportation, October 30, 2001. 

20 Consider, for example, a tax credit equal to 50 percent of the cost of building improvements 
that protect against terrorism. Such a high subsidy rate may encourage firms to undertake too 
much investment in security against terrorism — in the sense that the costs of the investment 
are not fully justified by the protections they provide against terrorism. For example, reinforced 
windows may provide protection against shattering in the event of a terrorist attack. Even if 
the protection provided is minimal, the firm may find it worthwhile to undertake the investment 
since so much of the cost is borne by others, and since the reinforced windows may provide other 
benefits (such as reduced heating and cooling costs because of the added insulation). Relatedly, 
a subsidy provides a strong incentive for firms to classify changes that would have otherwise 
been undertaken as “anti-terrorism” measures in order to qualify for the subsidy. 
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have been used more productively elsewhere, but may skew the definition of 
what qualifies for the subsidy toward inappropriate items . 21 

• Third, subsidies could provide benefits to firms that would have undertaken 
the activities even in the absence of the subsidy — raising the budget cost with- 
out providing any additional security. 

• Finally, subsidies financed from general revenue are effectively paid for by 
the entire population. The fairness and feasibility of that approach is debatable, 
especially in face of the dramatic deterioration in the Federal budget outlook 
over the past several years and the recognition that other pressing needs will 
put increased pressure on the budget even without subsidizing private-sector 
protective measures. 

Toward a mixed system: Minimum regulatory standards, insurance, and third-party 
inspections 

As the discussion above has highlighted, all of the various approaches to govern- 
ment intervention have shortcomings, and the relative importance of these draw- 
backs is likely to vary from sector to sector. Nonetheless, in many cases that require 
government intervention, one longer-term approach appears to be the least undesir- 
able and most cost-effective: a combination of regulatory standards, insurance re- 
quirements, and third-party inspections. 

A mixed regulatory/insurance system is already applied in many other areas, such 
as owning a home or driving a car. Local building codes specify minimum standards 
that homes must meet. But mortgages generally require that homes also carry home 
insurance, and insurance companies provide incentives for improvements beyond the 
building code level — for example, by providing a reduction in the premiums they 
charge if the homeowner installs a security system. Similarly, governments specify 
minimum standards that drivers must meet in order to operate a motor vehicle. But 
they also require drivers to carry liability insurance for accidents arising out of the 
operation of their vehicles. Meanwhile, insurance companies provide incentives for 
safer driving by charging higher premiums to those with poorer driving records . 22 

A mixed system of minimum standards coupled with an insurance mandate not 
only can encourage actors to act safely, but also can provide incentives for innova- 
tion to reduce the costs of achieving any given level of safety . 23 The presence of min- 
imum regulatory standards also helps to attenuate the moral hazard effect from in- 
surance, and can provide guidance to courts in determining negligence under the li- 
ability laws . 24 

A mixed system also has the advantage of being flexible, a key virtue in an arena 
where new threats will be “discovered” on an ongoing basis. In situations in which 
insurance firms are particularly unlikely to provide proper incentives to the private 
sector for efficient risk reduction (for example, because insurers lack experience in 
these areas), regulation can play a larger role. 

Third-party inspections can be coupled with insurance protection to encourage 
companies to reduce the risk of accidents and disasters. Under such schemes, insur- 
ance corporations would hire third-party inspectors to evaluate the safety and secu- 
rity of plants seeking insurance cover. Passing the inspection would indicate to the 


21 Lobbying would undoubtedly occur in the context of a regulatory approach, but since regula- 
tions are made on the basis of some kind of evidentiary record and are subject to judicial review, 
the room for lobbying is restricted. In contrast, subsidies are expenditures of the government 
and handed out by Congress, which is inherently much more amenable to lobbying. 

22 To be sure, crucial differences exist between the terrorist case and these other examples. 
For example, stable actuarial data exist for home and auto accidents, but not for terrorist at- 
tacks. Nonetheless, it may be possible for insurers to distinguish risks of loss based on dif- 
ferences in damage exposures, given a terrorist incident. Some financial firms are already trying 
to devise basic frameworks for evaluating such risks. See, for example, Moody’s Investors Serv- 
ice, “Moody’s Approach to Terrorism Insurance for U.S. Commercial Real Estate,” March 1, 
2002 . 

23 Moreover, an insurance requirement (as opposed to an insurance option) avoids the adverse 
selection problem that can occur in voluntary insurance settings. In particular, if anti-terrorism 
insurance were not mandatory, firms with the most severe terrorism exposure would be the 
most likely to demand insurance against terrorist acts. The insurance companies, which may 
have less information about the exposure to terrorism than the firms themselves, may therefore 
be hesitant to offer insurance against terrorist attacks, since the worst risks would dispropor- 
tionately want such insurance. The outcome could be either that the insurance companies do 
not offer the insurance, or that they charge such a high price for it that many firms (with lower 
exposure to terrorism but nonetheless some need to purchase insurance against it) find it unat- 
tractive. This preference for mandatory insurance assumes no constraints or imperfections on 
the supply side of the insurance market. 

24 For a discussion of the potential benefits of a mixed system of building code regulations and 
mandatory catastrophic risk insurance in the context of natural disasters, see Peter Diamond, 
“Comment on Catastrophic Risk Management,” in Kenneth Froot, ed., The Financing of Catas- 
trophe Risk (University of Chicago Press: Chicago, 1999), pages 85—88. 
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community and government that a firm complies with safety and security regula- 
tions. The firm would also benefit from reduced insurance premiums, since the in- 
surer would have more confidence in the safety and security of the firm. 

This system takes advantage of two potent market mechanisms to make firms 
safer, while freeing government resources to focus on the largest risks. Insurance 
firms have a strong incentive to make sure that the inspections are rigorous and 
that the inspected firms are safe, since they bear the costs of an accident or terrorist 
attack. Private sector inspections also reduce the number of audits the regulatory 
agency itself must undertake, allowing the government to focus its resources more 
effectively on those companies that it perceives to pose the highest risks. The more 
firms decide to take advantage of private third-party inspections, the greater the 
chances that high-risk firms will be audited by the regulatory agency. 

Studies have shown how such a program could be implemented in practice. In 
Delaware and Pennsylvania, the State Departments of Environmental Protection 
have worked closely with the insurance industry and chemical plants to test this 
approach . 25 

Applying the mixed system 

Three examples of homeland security issues seem relatively well-suited to a mixed 
system of regulatory standards, anti-terrorism insurance, and third-party inspec- 
tions: 

• Security at chemical and biological plants. Such plants contain materials that 
could be used as part of a catastrophic terrorist attack, and should therefore 
be subjected to more stringent security requirements than other commercial fa- 
cilities. The regulatory standards could be supplemented by an insurance re- 
quirement, which would then allow insurance firms to provide incentives for 
more innovative security measures. 

• Building security for buildings that house thousands of people. The Federal 
government could supplement existing building codes for large commercial 
buildings with minimum performance-based anti-terrorism standards. Those 
regulations could then be supplemented by requiring the owners of buildings to 
obtain anti-terrorism insurance covering some multiple of the value of their 
property. Adjustments to the basic premium could encourage building improve- 
ments that reduce the probability or severity of an attack (such as protecting 
the air intake system or reinforcing the building structure ). 

• Cyber-security. Since the steps involved in protecting a computer system 
against terrorist attack are similar to those involved in protecting it against 
more conventional hacking, the case for Federal financing is relatively weak. 
Federal subsidies of anti-terrorism cyber-security measures at private firms 
would likely induce excessive “investment,” since the firms would not bear the 
full costs but would capture many of the benefits (through improved security 
against hacking attempts). Nonetheless, a successful terrorist cyber-attack could 
cripple the nation’s infrastructure, at least temporarily. Some performance-ori- 
ented regulatory steps may therefore be warranted. For example, the govern- 
ment could require critical computer systems to be able to withstand mock 
cyber-attacks, with the nature of the cyber-attack varying from firm to firm. 
Given the ease with which mock attacks and tests could be conducted — which 
could provide a basis for pricing the insurance — an insurance requirement may 
be feasible and beneficial. One could even imagine insurance firms hiring cyber- 
experts to advise insured firms on how to reduce their exposure to cyber-at- 
tacks. To be consistent with reasonable thresholds for government intervention, 
any regulatory or insurance requirements could be imposed only on larger firms 
or those that have direct access to critical computer infrastructure components. 

Conclusion 

This testimony argues that a mixed system of minimum standards, insurance, 
and third-party inspections could harness market forces to provide homeland secu- 
rity at minimum cost. This approach can and should be supplemented or replaced 
when there is evidence that other approaches would be more efficient or when there 
are significant externalities associated with a given type of terrorism. For example, 
in some cases, the insurance requirement may not be necessary because lenders al- 
ready require terrorism insurance to be carried before extending loans — and a gov- 
ernment mandate is thus effectively superfluous. Furthermore, it will undoubtedly 
take time for the insurance industry to develop appropriate ways of pricing policies 
covering potentially catastrophic attacks. 


25 For further information, see Howard Kunreuther, Patrick McNulty, and Yong Kang, “Im- 
proving Environmental Safety Through Third Party Inspection,” Risk Analysis. 22: 309—18, 
2002 . 
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The degree of government intervention should clearly vary by circumstance. For 
example, consider the difference between security at a mall and security at a chem- 
ical facility. Poor security at a mall does not endanger remote areas in the nation 
to nearly the same degree as poor security at a chemical facility. The products of 
chemical plants could be used as inputs in a terrorist attack, and therefore the fa- 
cilities warrant more aggressive government intervention than shopping malls. Thus 
security regulations for chemical plants may make sense, even if they don’t for shop- 
ping malls. 

A critical challenge is deciding how extensive government regulation should be. 
It is one thing to set standards for commercial facilities such as chemical and bio- 
logical plants. But should the government attempt to provide anti-terrorism regula- 
tions for all commercial buildings? For hospitals? For universities? Where does the 
regulatory process stop? One answer to this question is provided in Protecting the 
American Homeland, which focuses on reducing the risk of large-scale terrorist at- 
tacks. 

A final issue is who should pay for improved security in the private sector. My 
general answer is that the costs should be imposed on the users and providers of 
a particular service. Such a “stakeholder pays” approach ensures that those who en- 
gage in the most dangerous activities (in terms of their exposure to terrorist at- 
tacks) pay for the costs associated with those risks. 

Mr. Thornberry. Next is John McCarthy, who is executive di- 
rector of the Critical Infrastructure Protection Project at George 
Mason University. Thank you for being here. You are recognized 
for 5 minutes. 

STATEMENT OF JOHN A. McCARTHY, EXECUTIVE DIRECTOR, 

CRITICAL INFRASTRUCTURE PROTECTION PROJECT, 

GEORGE MASON UNIVERSITY 

Mr. McCarthy. Thank you, Mr. Chairman, and thank you, dis- 
tinguished members of the committee, for the honor of appearing 
before you today. 

As a preliminary matter I would like to introduce the Critical In- 
frastructure Project within George Mason University’s School of 
Law, where I serve as the executive director. The CIP Project has 
a unique role in building an interdisciplinary research program 
that fully integrates the disciplines of law, policy and technology. 
We are developing practical solutions for enhancing the security of 
cybernetworks, physical structures and economic processes under- 
lying the Nation’s critical infrastructures. The project is specifically 
charged with supporting research that informs needs and require- 
ments outlined by the various national homeland security strategy 
documents. 

Since its inception a little over a year ago, we have sponsored 
more than 70 substantive research projects touching leading schol- 
ars at 20 universities, with James Madison University as a lead 
partner, and focusing more than 200 graduate and undergraduate 
students on security-related studies. The CIP Project-sponsored re- 
search ranges from highly technical efforts designing new security 
protocols for cybersystems to mapping infrastructure 
vulnerabilities, to exploring legal and business government implica- 
tions of information-sharing, to experimental economic analysis by 
the most recent Nobel Laureate in economics. In addition, GMU 
leads an academic consortium of regional scholars supporting CIP 
vulnerability analysis and interdependency identification for home- 
land security planning efforts here in the National Capital region. 
We are working closely with the Department of Homeland Security 
to ensure vulnerability assessments and modeling tools built locally 
that could be deployed nationally. 
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The Northeast blackout provides a clear example of disruption to 
our vital infrastructures. I will focus my comments today on those 
issues I believe are key areas of critical infrastructure protection 
that require continued emphasis, these being the need to develop 
a comprehensive understanding of infrastructure vulnerabilities 
and tools to assess those vulnerabilities; the need to better under- 
stand the complex interdependencies between infrastructure sec- 
tors; and the need to develop effective systems of public/private 
partnership that afford true information-sharing. 

The blackout and its consequences serve as an effective yardstick 
by which to measure critical infrastructure protection since 9/11. 
On a positive note, most areas that were affected by the blackout 
had power restored within 24 hours. Considering the large geo- 
graphic area, the number of jurisdictions involved and the inter- 
national aspect of the blackout, this was a sound response. Particu- 
larly noteworthy were the cross-sector public-private communica- 
tions that took place away from the eyes of the media. These com- 
munications involved industry, State, local and national decision- 
makers. I believe these relationships were not ad hoc responses to 
the blackout, but the results of efforts of the past decade in devel- 
oping a means for enhancing information exchange between the 
public and private sector. 

First, the blackout experience highlights our Nation’s serious 
problems with infrastructure, including poor comprehension of our 
vulnerabilities and lack of awareness or preparedness for the inter- 
dependencies of those infrastructures. The blackout stresses the 
need to further identify, map, define our critical assets and prop- 
erly assess their vulnerabilities, as 9/11, the first bombing of the 
World Trade Center, Y2K and numerous debilitating cyberattacks 
have shown us also. Comprehensive infrastructure mapping allows 
us to assess exactly where vulnerabilities are, what redundancies 
are needed, and how to recover quickly from a disruption by phys- 
ical or cyber means. 

It is important to map out each of the critical infrastructures and 
how they work with each other and study the possible effects that 
losses on one infrastructure will have on another. This type of map- 
ping is vital in addressing and managing future infrastructure dis- 
ruptions. These analyses must also include evaluation of myriad 
possible scenarios that may pose threats to critical systems and 
provide identification of physical and process actions, as well as 
economic incentives to industry that afford greater resiliency and 
security of key infrastructure assets. For example, in the short 
term, the use of redundant electrical generation at hospitals in 
New York resulted in virtually no loss of service delivery capability 
for emergency and health care providers. 

Next, the blackout also highlights infrastructure interdepend- 
encies, which underscore the need to develop a comprehensive un- 
derstanding of how these infrastructures work together. The loss of 
power to the energy grid implicated more than just our energy in- 
frastructure and cascaded into other infrastructures. For instance, 
as sewage piled up in Harlem because there was no power to pump 
it through the facility, a diver had to be sent in through 40 feet 
of liquid sewage to get the pump working again. GMU, as well as 
other research universities, have particular technical expertise to 
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bear in both risk assessment of critical assets and advancing the 
understanding of infrastructure interdependencies. 

Finally, the interconnectivity of modern infrastructures goes be- 
yond the technical systems themselves. The human element of crit- 
ical infrastructure protection is equally, if not more, important. 
People must communicate in order to prevent and respond to crit- 
ical infrastructure failures. This high-level communication process 
is complex and involves many layers of connectivity. It is perhaps 
the most vital piece of effective infrastructure protection that we 
can provide because we cannot anticipate every contingency. 

Robust information-sharing must afford sufficient levels of detail 
at both the executive and the operational levels. As a former first 
responder and trained incident commander, I believe management 
of these complex social response networks at all levels of the Fed- 
eral structure will be increasingly important in the successful reso- 
lution of future incidents of national significance relative to our in- 
frastructure. 

The CIP project has the primary goal of research with the real- 
world issues and problems faced by industry and government lead- 
ers that face the important — face us at this important time in our 
history. We thank the committee for its support of academia in this 
area, and I look forward to your questions. 

Mr. Thornberry. Thank you, sir. 

[The statement of Mr. McCarthy follows:] 

PREPARED STATEMENT OF JOHN A. MCCARTHY 

Thank you, Mr. Chairman and distinguished members of the Committees for the 
honor of appearing before you today. I am here to testify about issues and chal- 
lenges in providing for critical infrastructure protection in the context of the recent 
blackout and how George Mason University is assisting in this agenda. 

As a preliminary matter, I’d like to introduce the Critical Infrastructure Protec- 
tion (CIP) Project, within the George Mason University School of Law, where I serve 
as Executive Director. The CIP Project has a unique role in building an inter-dis- 
ciplinary research program that fully integrates the disciplines of law, policy, and 
technology. We are developing practical solutions for enhancing the security of cyber 
networks, physical structures, and economic processes underlying our nation’s crit- 
ical infrastructures. The CIP Project is specifically charged with supporting research 
that informs needs and requirements outlined in the various National Homeland Se- 
curity Strategy documents. Since its inception a little over a year ago, we have spon- 
sored more than 70 substantive research projects, touching leading scholars at 20 
universities and focusing more than 200 graduate and undergraduate students on 
security related studies. CIP Project sponsored research ranges from highly tech- 
nical efforts to design new security protocols for cyber systems, to mapping the 
vulnerabilities of various infrastructures, to exploring the legal and business govern- 
ance implications of information sharing, to experimental economic analysis of the 
energy sector under the direction of Dr. Vernon Smith — the most recent Nobel Lau- 
reate in economics. In addition, GMU leads an academic consortium of regional 
scholars, supporting CIP vulnerability analysis and interdependency identification 
for homeland security planning efforts here in the National Capital Region. We are 
working closely with the Department of Homeland Security to ensure vulnerability 
assessment and modeling tools are developed locally that can be deployed nation- 
ally. 

The Northeast Blackout provides a clear example of disruption to our vital infra- 
structures. I will focus my comments today on those issues I believe are key areas 
of critical infrastructure protection that require continued emphasis. These are: 

- The need to develop a comprehensive understanding of infrastructure 
vulnerabilities and tools to assess these vulnerabilities; 

- The need to better understand the complex interdependencies between infra- 
structure sectors; and 

- The need to develop effective systems of public-private partnerships that af- 
ford true information sharing. 
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The Blackout and its consequences serve as an effective yardstick by which to 
measure critical infrastructure protection development since 9/11. On a positive 
note, most areas that were affected by the blackout had power restored within 24 
hours. Considering the large geographic area, the number of jurisdictions involved, 
and the international aspects of the Blackout, this was a sound response. Particu- 
larly noteworthy were the cross-sector public-private communications that took 
place away from the eyes of the media. These communications involved industry, 
state, local and national decision-makers. I believe these relationships were not ad- 
hoc responses to the Blackout, but the result of the efforts of the past decade in de- 
veloping a means for enhanced information exchange between the public-private sec- 
tors. 

First, the Blackout experience highlights our nation’s serious problems with infra- 
structure, including poor comprehension of our vulnerabilities and lack of awareness 
or preparedness for the interdependencies of infrastructures. The Blackout stresses 
the need to further identify, map and define our critical assets and properly assess 
their vulnerabilities — as have 9/11, the first bombing at the World Trade Center, 
Y2K, and numerous debilitating cyber attacks. Comprehensive infrastructure map- 
ping allows us to assess exactly where vulnerabilities are, what redundancies are 
needed, and how to recover quickly from a disruption by physical or cyber means. 
It is important to map out each of the critical infrastructures, how they work with 
each other, and study the possible effects that the loss of one infrastructure will 
have on others. This type of network and vulnerability mapping is vital in address- 
ing and managing future infrastructure disruptions. In addition, this will afford the 
insurance and reinsurance industries the opportunity to gather sufficient informa- 
tion so they can determine their appropriate role in the terrorism risk insurance 
arena. 

These analyses must also include evaluation of myriad possible scenarios that 
may pose threats to critical systems and provide identification of physical and proc- 
ess actions, as well as economic incentives to industry that afford greater resiliency 
and security of key infrastructure assets. For example, in the short term, the use 
of redundant electrical generation at hospitals in New York City resulted in vir- 
tually no loss in service delivery capability for emergency responders and health 
care providers during the Blackout. 

Next, the Blackout also highlights infrastructure interdependencies, which under- 
score the need to develop a comprehensive understanding of how these infrastruc- 
tures work together. The loss of power to the energy grid implicated more than just 
our energy infrastructure; it cascaded into several other infrastructures. For in- 
stance, sewage piled up at a Harlem treatment plant because there was no power 
to pump it through the facility. A diver had to be sent in through 40 feet of liquid 
sewage in order to get the pumps working again. GMU, as well as other research 
universities, have particular technical expertise to bring to bear in both the risk as- 
sessment of our critical assets and the advanced understanding of infrastructure 
interdependencies. We are fully supporting DHS’s efforts to accelerate under- 
standing in these key areas. 

Finally, the interconnectivity of modern infrastructures goes beyond the technical 
systems themselves. The human element of critical infrastructure protection is 
equally, if not more important. People must communicate in order to prevent and 
respond to critical infrastructure failures. This high-level communication process is 
complex and involves many layers of connectivity. It is perhaps the most vital piece 
of effective infrastructure protection we can provide because we cannot anticipate 
every contingency. Robust information sharing must afford sufficient levels of detail 
at both the executive and operational levels. It should candidly identify 
vulnerabilities, prioritize key infrastructure assets, and allow public and private of- 
ficials to prevent, respond to, and recover from potential disruptions. By the same 
token, sufficient safeguards and incentives must be structured for all stakeholders 
to fully participate in the process. As a former first responder and trained incident 
commander, I believe management of these complex social response networks at all 
levels of the federal response structure will be increasingly important in the success- 
ful resolution of infrastructure incidences of national significance, be they physical, 
cyber, or both. The establishment of a public-private liaison as a senior advisor to 
Secretary Ridge is an important and needed step in developing and advancing this 
emerging need. 

The Committee has chosen to address these issues at the right time, and I com- 
mend you in holding this hearing. The CIP Project’s primary goal is to match schol- 
arly research with the real-world issues and problems faced by industry and govern- 
ment leaders at this important time in our Nation’s history. With your continued 
support, the academic community can continue to provide unique fora to assist deci- 
sion-makers in discussing and developing solutions to these pressing issues. 
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Thank you. I look forward to answering any questions you may have. 

Mr. Thornberry. Our next witness is Karl Rauscher, founder 
and president of the Wireless Emergency Response Team. Appre- 
ciate you being with us, and you are recognized for 5 minutes. 

STATEMENT OF KARL F. RAUSCHER, FOUNDER AND 
PRESIDENT, WIRELESS EMERGENCY RESPONSE TEAM 

Mr. Rauscher. Chairman Thornberry, Chairman Camp and 
other distinguished Members, thank you for the opportunity to 
speak today and provide a perspective from the communications in- 
frastructure. 

My name is Karl Frederick Rauscher. I am the founder and 
president of the Wireless Emergency Response Team, a nonprofit 
organization supported by expert volunteers from the private sector 
and government. The mission of WERT is to provide vital help by 
using advanced wireless technology to support search and rescue in 
a national crisis, by conducting focused research, and by providing 
emergency guidance for 911 centers, law enforcement, and family 
members. My experience related to today’s subject matter includes 
18 years of experience at Bell Labs and Bell Communications Re- 
search. As the vice chair of the industry’s Network Reliability 
Steering Committee, I oversee deep dive cause analyses for major 
network outages. These analyses are conducted voluntarily by the 
industry for the purpose of determining if existing best practices 
are sufficient to prevent similar future events. The ATIS NRSC 
publishes an annual report on the health of the Nation’s public net- 
works. 

As a member of the Telecom-Information Sharing and Analysis 
Center, I am routinely involved in industry mutual aid responses, 
including the activities for the recent power blackout. I have led 
combined government and industry efforts to produce over 500 best 
practices for network reliability and homeland security. These FCC 
NRIC best practices are the most comprehensive and authoritative 
guidance in the world for public communications networks. These 
best practices, while totally voluntary, are implemented at a high 
level throughout the industry and are consistently credited for pre- 
venting network service disruptions. 

My perspectives include very human aspects of this discussion. 
My experiences have made a lasting impression on the vital need 
to connect the best minds of the industry with the most vital needs 
of its subscribers in an emergency. 

Wireless communications are vital in disaster response. On the 
morning of September 11, wireless communications were used by 
countless Americans in their usual ways. And then evil terrorists 
emerged to make their dark mark on human history. During those 
same moments, wireless devices such as cell phones and PDAs 
were used by brave hostages in the skies to report the hijacking of 
their planes, and then by expectant victims to speak their last 
“good-bye” and “I love you”, and then by rescue teams as they 
rushed to bring aid. Instruments routinely used for conducting 
business and nurturing relationships were then, in their final mis- 
sion, being used to secure the safety of the United States of Amer- 
ica, or bring two individuals together for a final, treasured moment. 
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In the following hours, an unprecedented wireless industry effort 
sprang into action to support search and rescue efforts at the 
World Trade Center disaster site. 

WERT’s final report documents its key lessons and recommenda- 
tions. May God forbid that such a tragedy and horror would ever 
be visited on us again, but if it does, WERT will be ready to bring 
the best minds and resources of the wireless industry to work hand 
in hand with traditional first responders on the never-changing top 
priority after disaster-saving human life. 

Most of the characteristics of the recent power blackout were 
similar to crises already experienced by the communications indus- 
try. For example, the duration was similar to power outages caused 
by large ice storms. Other characteristics, while familiar, were 
turned up a few notches in intensity. And a third set of characteris- 
tics was mostly new; for example, the most notable being that, like 
September 11, this event was unanticipated. Also there were mul- 
tiple cyberthreats in play around this time. 

Concerning wireless networks, during the first half hour after 
the power was lost, enormous spikes in the number of call attempts 
were seen, up to 1,000 percent of normal traffic levels. During the 
next several hours, traffic hovered around 100 percent above nor- 
mal levels. Any service problems during the early time frame were 
likely due to congestion caused from this very unusual demand. 

For the most part, the wireless systems and networks were work- 
ing as designed. When commercial power was lost, cell towers drew 
power from back-up batteries until power was restored or until the 
battery power was consumed. The wireless industry will factor new 
insights gleaned from this historic event into future risk assess- 
ments and emergency planning capabilities. 

During times of heavy congestion, a text message attempt is 
more likely to succeed than a voice call because there are lower re- 
quirements for bandwidth. It is encouraging that early reports indi- 
cate there was a marked increase in the use of “exting” during the 
blackout. 

The national communications system’s ISAC is now part of the 
Department of Homeland Security Information Analysis and Infra- 
structure Protection Directorate. This ISAC interacted effectively 
with the Electricity Sector ISAC during the blackout, an immense 
demonstration for the potential of what could be accomplished in 
the future with ISAC-to-ISAC coordination. 

Another lesson learned during the blackout is that homes should 
have a corded phone as an emergency back-up. As many learned, 
cordless phones depend on commercial power. 

Concerning government industry partnerships, make no mistake 
about it, the communications industry is a fiercely competitive bat- 
tlefield, yet a remnant of something tremendously precious sur- 
vives. An aspect of the culture of the traditional phone company 
lives on. It is one that ascribes to itself an obligation to the safety 
of society. As the head of a nonprofit volunteer organization, this 
is tremendously encouraging. WERT has captured some of that 
spirit in harnessing the expertise, will and compassion of so many 
volunteers along with their companies or agencies. Intergovern- 
mental partnerships are supported by significant volunteer effort 
and are highly effective. 
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I hope that my insights today will be useful to the committee. 
Thank you. 

Mr. Thornberry. Thank you. I appreciate your testimony. 

[The statement of Mr. Rauscher follows:] 

PREPARED STATEMENT OF KARL F. RAUSCHER 

Chairman Thornberry, Chairman Camp, Congresswoman Lofgren, Congresswoman 
Sanchez, Congressman Cox, Congressman Turner, and other Distinguished Mem- 
bers: thank you for the opportunity to speak today and provide a perspective from 
another critical infrastructure — the telecommunications and Internet services indus- 
try 

Introduction 

My name is Karl Frederick Rauscher. I am the Founder and President of the 
Wireless Emergency Response Team, a non-profit organization supported by expert 
volunteers from the private sector and numerous government agencies. My experi- 
ence related to today’s subject matter includes . . . 

• 18 years of communications industry experience at Bell Communications Re- 
search & Lucent Technologies Bell Labs 

• I have led numerous highly successful improvement programs in quality and 
reliability. With a background of advanced concepts in software, systems, archi- 
tectures and networks, I have invented software testing techniques that have 
delivered dramatic breakthrough quality improvements. I am a recipient of the 
Bell Labs President’s Award for bringing the first telecommunications network 
switch to “6 9’s” of reliability, which means 99.9999% uptime, or less than 30 
seconds of downtime per year (independently verified with pubic data). In my 
10 years at Bell Communications Research, I have personally uncovered over 
1000 software design errors in programs running on live network systems. I 
have recently conducted Homeland Security research at an offshore software de- 
velopment outsourcing facility. 

• As Vice Chair of the industry’s Alliance for Telecommunications Industry So- 
lutions (ATIS) Network Reliability Steering Committee (NRSC), I oversee the 
“deep dive” cause analyses that occur for each major network outage. These 
analyses are conducted voluntarily by the industry for the purpose of deter- 
mining if existing Best Practices are sufficient to prevent similar, future events. 
The NRSC also provides an annual report on the health of the nation’s public 
networks. 

• As a member of the Telecommunications-Information Sharing and Analysis 
Center (ISAC), I am routinely involved in industry mutual-aid responses. I was 
directly involved in the communications industry’s coordination and response to 
the recent Power Blackout — from the initial report assessments through ongo- 
ing after-action reviews. 

• I have led combined government and industry efforts to produce over 500 
Best Practices for network reliability and Homeland Security. The Federal Com- 
munications Commission (FCC) Network Reliability and Interoperability Coun- 
cil (NRIC) Best Practices are the most comprehensive and authoritative guid- 
ance in the world for public communications. Best Practices, while totally vol- 
untary, are implemented at a high level throughout the industry, and are con- 
sistently credited with preventing network service disruptions. In addition, I 
have led industry discussions on blended physical and cyber attacks. 

• I am the Chair-Elect of the international IEEE Technical Committee on com- 
munications Quality and Reliability. I oversaw Best Practice guidance on ultra- 
high reliability and ultra-high security for world-class events, which benefited 
the Olympics, among others. 

• I am on the Board of Advisors for the Center for Resilient Networks 

• I have participated in the President’s National Security Telecommunications 
Advisory Committee (NSTAC) 

• Most importantly, I have access to the right people — those who are world- 
class experts, who will tell it like it is, and then take the necessary actions. 

My perspective includes very human aspects of this discussion. In pressure-heated 
crises, I have brainstormed with brave first responders and listened to family mem- 
bers — pleading for everything to be done with technologies that they do not under- 
stand — to save their loved ones. In moments of heavy telephone silence, I have con- 
nected on a personal level with strangers in distant places — this has made a lasting 
impression on the vital need to connect the best minds of the industry with the most 
vital needs of its subscribers in an emergency. 
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Role of Wireless Communications in Disaster Response 

On the morning of September 11, wireless communications were used by countless 
Americans in their usual ways. 

And then evil terrorists emerged to make their dark mark on human history. 

During those same moments, wireless communications were used by brave hos- 
tages in the skies to report the hijacking of their planes, then by expectant victims 
to speak their last “GOOD BYE” and “I LOVE YOU”, and then by rescue teams as 
they rushed to bring aid. 

Wireless devices, such as cell phones and PDAs, played a vital role on September 
11 because they are popular, easy to operate, one of the few items carried every- 
where by their users, and can still function when severe damage is done to sur- 
rounding infrastructure. Instruments routinely used for conducting business and 
nurturing relationships were then, in their final mission, being used to secure the 
safety of the United States of America, or bring two individuals together for a final, 
treasured moment. 

That night, news reports stated that cell phones were being used to call for help 
from the rubble in New York City. At this point, the vision for a coordinated indus- 
try emergency response was conceived. In the following hours and days, an unprece- 
dented wireless communications industry mutual-aid effort sprang into action to 
support Search and Rescue efforts at the World Trade Center disaster site. The 
Wireless Emergency Response Team was formed. 

Due to the nature of the building collapse, the team was not able to rescue victims 
from the rubble. However, value was realized in several ways: keeping rescue teams 
from danger by quickly discrediting false reports, confirming those thought to be 
missing as safe, and helping to bring closure for family members. WERT’s Final Re- 
port documents the key lessons-learned and recommendations, so that this capa- 
bility can be enhanced and optimized. May God forbid that such a tragedy and hor- 
ror would ever be visited on us again. But if it does, WERT will be ready to bring 
the best minds and resources of the wireless industry together to work hand-in-hand 
with traditional first responders on the never changing top priority after a dis- 
aster — saving human life. 

The August 2003 Power Blackout 

Observed Characteristics 

Most of the characteristics of the recent Power Blackout were similar to crises al- 
ready experienced by the communications industry. 

1. The duration was similar to very large power outages, for example the result 
of large ice storms 

2. The hot and humid seasonal climate was challenging for electronic equipment 

3. There were rolling blackouts and requests for load shedding 

Other characteristics, while familiar, were turned up a few notches in intensity and 
resulted in more pressure on our industry: 

4. While ice storms, heavy snowfalls and hurricanes have been widespread, the 
August Blackout was even more widespread, affecting multiple major U.S. cit- 
ies. 

5. The cause was unknown 

6. Many people have cordless phones in their home that could not function 

7. Because of the times we are living in, New Yorkers were more jittery, inten- 
sifying their need for wireless communications 

The third set of characteristics was mostly new, and their study will be the source 
of new lessons-learned from this event: 

8. The most notable being that, like September 11, this was a widespread cata- 
strophic event that was unanticipated (unlike ice and snow storms, or hurri- 
canes) 

9. Also, there were multiple cyber threats in play around this time 

10. Air and other public transportation was halted 

11. There were new levels of pressure on fuel suppliers, who are critical in sup- 
porting back-up power generators 

Wireless Network Observations 

During the first half-hour after the power was lost, enormous spikes in the num- 
ber of call attempts were seen — up to one thousand percent of normal traffic levels. 
During the next several hours, traffic hovered around one hundred percent above 
normal levels. Any service problems during the early timeframe were likely due to 
congestion caused from this very unusual demand. 

For the most part, the wireless systems and networks were working as designed. 
When commercial power was lost, cell towers drew power from back-up batteries 
until power was restored or until the battery power was consumed. The wireless in- 
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dustry will factor new insights gleaned from this historic event into future risk as- 
sessments and emergency planning capabilities. 

New Areas That Worked Well 
Mobile Text Messaging 

The WERT Final Report points out that during times of heavy congestion, a text 
message (e.g., SMS) attempt is more likely to succeed than a voice call because 
there are lower requirements for bandwidth. Interestingly, mobile text messaging 
also has consumes less power in both the network and the handset. It is encour- 
aging that early reports indicate that there was marked increase in the use of text 
messaging during the Power Blackout. 

Telecom — ISAC and Electricity Sector ISAC Interactions 

Inter-ISAC interaction was effective. This was an immense demonstration for the 
potential of what could be accomplished with ISAC-to-ISAC coordination. 

Other Lessons Learned 

• It is better to have one national point of government-industry information 
sharing through the various sector’s ISACs for efficiency and accuracy 

Homes should have a corded phone as an emergency back-up, because the bat- 
teries of cordless phones can run out 

Businesses should conduct risk assessment to determine the criticality of back- 
up power capabilities to their operations 

Government — Industry Partnerships 

Make no mistake about it: The communications industry is a fiercely competitive 
battlefield. Yet a remnant of something tremendously precious survives. Through 
the divestiture of the 1980s and the Telecommunications Act of 1996, a precious as- 
pect of the culture of the traditional telephone company lives on — it is one that as- 
cribes to itself an obligation to the safety of society. 

As the head of a non-profit volunteer organization, the spirit that was exhibited 
by thousands on September 11, and the recent Power Blackout, is tremendously en- 
couraging. WERT has captured some of that spirit in harnessing the expertise, will 
and compassion of so many volunteers, along with their companies’ or agencies’ sup- 
port. Two years ago, for 3 weeks, we knew that, if there were victims in the rubble 
with cell phones, we may be their only hope. WERT volunteers did everything pos- 
sible to listen for any signal from a possible survivor. By continuing to fulfill the 
mission of WERT, the wireless industry shows itself good stewards of its powerful 
technologies. 

The President has called on the people to be volunteers. In addition to soup kitch- 
ens and mentoring programs, critical infrastructure technology experts have figured 
out what they can “do for their country” in these anxious times. There are countless 
individuals who give of their vacation time, evenings and weekends because of their 
sense of duty and love for this country. They develop Best Practices and standards, 
conduct research, provide explanations to government officials and are on call 24 by 
7 for the next crisis. 

Industry-Government partnerships are supported by significant volunteer effort and 
are highly effective. 

Dependence on Cyber and Wireless Capabilities 

There are awesome advantages for a society connected by high-speed mobile com- 
munications. More information, in a variety of formats (voice, data, video) will be 
delivered. Wireless communications and the Internet play increasingly important 
roles in society, and particularly in emergency response. In the not-to-distant 
future . . . 

• A firefighter may have hands-free constant communication with his team 

• His vital signs may be monitored remotely from the safety of a distant com- 
mand center 

• As he carefully walks from room to room, infrared imaging data from the 
floors and walls may be combined with that of other firefighters to alert those 
in harm’s way to possible danger. 

The possibilities are endless, for every aspect of society. On the horizon is a world 
where cell phones, household appliances and even vehicles are nodes on many inter- 
connected networks. 

But with this increased connectedness, come inherent vulnerabilities and risks of 
an imperfect cyber world. The consequences of a software design error can have far 
reaching effects throughout society. Previous testimony has articulated numerous 
concerns related to cyber security vulnerabilities, threats, and proposed solutions. 
In the context of this testimony, I offer several points. 

In addition to strengthening reactionary measures — our cyber threat detection 
and response capabilities — the appropriate investment needs to be made for longer 
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term fixes that address the root of all these problems. Those bailing water out of 
the boat tend to get a lot of attention because they can show results. We need the 
patience and resolve to plug the holes and/or build other boats. What are often re- 
ferred to as “vulnerabilities” in the cyber community are usually the manifestation 
of a software design error. The kind of thinking that reserves the term “vulner- 
ability” for those characteristics that are truly intrinsic weaknesses of the program- 
ming language and operational environments will provide a better grasp of how to 
get control of this situation. Following on this, I expect that those bold enough to 
develop new, robust paradigms for programming and those applying classical qual- 
ity control principles will make major contributions in this area. 

Conclusion 

The next time you click your “SEND” button to send an email, I ask you to consider 
the previous effort of the message-bearing marathon runner of ancient Greece. We 
are now living what has only been dreamed of for centuries before us — and we are 
just about there — being able to communicate in any fashion, at any time, at any 
place. 

May it be that when a generation from now looks back on how we faced these 
cyber and physical challenges, that the scientists and engineers were found to be 
unimaginably innovative; may our leaders be found to have been enablers of life, 
liberty and the pursuit of happiness; and may the horrors of terrorism and 
cyberhackers ... be only distant memories. 

I hope that my insights offered today on the recent power blackout, government- 
industry partnerships, and dependencies on wireless and cyber infrastructure will 
be useful to the committee. 

Mr. Thornberry. Finally, we have Mr. Kenneth C. Watson, 
president and chair of the Partnership for Critical Infrastructure 
Security. Thank you for being here. Mr. Watson, you are recognized 
for 5 minutes. 

STATEMENT OF KENNETH C. WATSON, PRESIDENT AND 

CHAIR, PARTNERSHIP FOR CRITICAL INFRASTRUCTURE SE- 
CURITY 

Mr. WATSON. Thank you very much, Mr. Chairman and distin- 
guished Members. I appreciate the opportunity to testify today re- 
garding the interdependence of critical infrastructures. 

I am president and chairman of the Partnership for Critical In- 
frastructure Security, the PCIS, launched in December of 1999 as 
one of the industry responses to the Federal Government’s call for 
public-private partnerships in critical infrastructure protection. 
The PCIS is the forum for cross-sector, public-private dialogue on 
reducing vulnerabilities, mitigating risks, identifying strategic ob- 
jectives, and sharing sound information security practices. Cur- 
rently the PCIS is working on an interdependency risk assessment 
handbook, and the board meets monthly by teleconference to dis- 
cuss cross-sector critical infrastructure protection issues. 

In 1998, the Federal Government recommended the appointment 
of industry sector coordinators in each critical industry to coordi- 
nate critical infrastructure protection efforts across each sector and 
with appropriate Federal lead agencies. The PCIS board of direc- 
tors is structured so that the sector coordinators always comprise 
its majority. 

Mr. Watson. Across industry and government the role of the sec- 
tor coordinator is growing in importance and needs to be better un- 
derstood. The Department of Homeland Security is developing a 
best practices guideline for sector coordinators and working with 
lead agencies and industry leaders to organize the new sectors and 
identify appropriate coordinators. 
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Initial interdependency research has only been sufficient to illu- 
minate the importance of modeling analysis and exercises. Sandia 
and other national labs have studies of various sector intersections 
with energy. 

The National Security Telecommunications Advisory Committee, 
or NSTAC, has done similar work addressing intersections with 
telecommunications. The National Infrastructure Advisory Council, 
or NIAC, has a current effort to develop policy recommendations on 
interdependency risk assessments, and at the invitation of the 
NIAC working group, the sector coordinators are involved in that 
study which will become available after delivery to the President. 
The PCIS is coordinating with this working group so that the 
handbook we develop aligns with NIAC policy recommendations. 

Cross-sector vulnerability assessments must be built on high fi- 
delity models of each sector. Each sector model must describe how 
the network elements work, their capacities, and how and where 
they connect to each other. Network owners already know their key 
assets and critical nodes. What they don’t know is whether they 
are in the same geographic vicinity as those of their competitors or 
whether underlying infrastructure is truly diverse. 

Models must use up-to-date industry data, and infrastructure 
owners and operators must be the primary beneficiaries of results. 
A comprehensive infrastructure modeling project will require addi- 
tional government funding, and the sectors are prepared to work 
with DHS to develop the best approach for each sector. Capabilities 
from various national labs and Federal departments will be needed 
to develop a model that can be built once, routinely refreshed by 
industry, and used by many to analyze vulnerabilities and develop 
mitigating strategies. Without higher funding levels, this may take 
a decade to accomplish and only marginally benefit the sectors. 

DHS has begun to sponsor regional exercises to identify 
vulnerabilities, dependencies, and cross-sector points of contact to 
develop contingency plans to respond to physical and cyber attacks. 
TOPOFF and TOPOFF II represented small steps toward address- 
ing physical threats, but these included little private sector input 
or expertise. Livewire is an upcoming cyber exercise that will have 
some private-sector input. 

Feedback from the sectors to date is that these small-scale exer- 
cises do not benefit critical infrastructure owners and operators 
who have the responsibility of acting first during a crisis. To be ef- 
fective, they must include private-sector experts to help build the 
exercises’ design scenarios and participate as key stakeholders. 

The PCIS and sector coordinators would be happy to work with 
DHS and other government stakeholders to plan and execute such 
a series of interdependency exercises. 

I have three recommendations for Department of Homeland Se- 
curity: 

First, coordinate with lead agencies and industry leaders to rap- 
idly organize the newly named sectors, named by the national 
strategy for homeland security; identify appropriate sector coordi- 
nators and clarify sector coordinator roles; and actively promote the 
sector coordinator function to key industry and government execu- 
tives. 
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Second, improve coordination among all appropriate national 
labs and Federal departments to apply computer models and sim- 
ulations to critical infrastructure mission areas; ensure that sector 
coordinators and their constituents are involved in establishing 
modeling objectives, peer reviews of model creation, data mining 
and results; and ensure the protection of this very sensitive data. 

Third, sponsor comprehensive regional and national exercises 
that cover the physical and cyber aspects of attacks on critical in- 
frastructures as well as dependencies; ensure that sector coordina- 
tors and their constituents are involved in the exercise design, sce- 
nario creation, participation, and are the primary recipients of ex- 
ercise lessons learned. 

DHS leadership has been very inclusive of industry as they orga- 
nize to protect critical infrastructures. The department cannot be 
expected to protect critical infrastructures alone. Industry must be 
part of its organizational culture as our Nation’s approaches to 
homeland security mature. The industry leaders I work with are 
willing to do their part to protect our national and economic secu- 
rity. 

Thank you for the time. I would be happy to answer any ques- 
tions. 

[The statement of Mr. Watson follows:] 

PREPARED STATEMENT OF KENNETH C. WATSON 

Chairman Thornberry, Chairman Camp, Congresswoman Lofgren, Congresswoman 
Sanchez, Congressman Cox, Congressman Turner, and other Distinguished Mem- 
bers: thank you for the opportunity to testify today regarding the interdependence 
of our critical infrastructures. The nearly universal dependence on privately owned 
and operated infrastructures, their dependence on computer networks, and their 
interdependence on each other, were the primary drivers prompting the creation of 
the President’s Commission on Critical Infrastructure Protection (PCCIP, “The 
Marsh Commission”), which reported its findings in October 1997. We have made 
a lot of progress in the six years since the Marsh Commission published its report, 
but there is still much to be done. The attacks of September 11, 2001, the northeast 
blackout of August 14, 2003, and the rapid sequence of Internet worms seen in the 
last three weeks highlight the need to maintain a sense of urgency as we continue 
to address these issues. 

My background. I am President and Chairman of the Partnership for Critical In- 
frastructure Security (PCIS), launched in December 1999 as industry’s response to 
the Federal government’s call for public-private partnerships following the publica- 
tion of the Marsh Commission report and the subsequent issuance of Presidential 
Decision Directive 63 (PDD-63) in May 1998. I also manage Cisco Systems’ involve- 
ment in critical infrastructure assurance activities. In 1997 I retired from the US 
Marine Corps after 23 years of service, the last eight of which were devoted to what 
is now known as Information Warfare or Information Operations. My last tour of 
duty in the Marines was as Marine Liaison Officer to the Air Force Information 
Warfare Center in San Antonio, Texas, where we advanced the art of defending 
against attacks against information and information systems. The thought processes 
behind the defensive planning, modeling, and exercises we conducted ten years ago 
apply directly to the problem of critical infrastructure protection today. 

PCIS. Following the Marsh Commission recommendations, in 1998 the Federal gov- 
ernment established several organizations and positions to coordinate critical infra- 
structure protection efforts, and recommended the creation of “sector coordinators” 
in each critical industry sector to coordinate across each industry and with appro- 
priate Federal lead agencies. Working with industry leaders, lead agencies initially 
appointed eight individuals, most from industry trade associations, as sector coordi- 
nators. Some sectors have more than one coordinator because of their size and com- 
plexity. 

The PCIS is the forum for cross-sector and public-private dialog on reducing 
vulnerabilities, mitigating risks, identifying strategic objectives, and sharing sound 
information security practices. It is a public-private partnership that is also a non- 
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profit organization run by companies and private-sector associations representing 
each of the critical infrastructure industries. When we created the PCIS, we struc- 
tured the Board of Directors so that the sector coordinators would always be its ma- 
jority. The number of Directors is flexible, anticipating the creation of additional 
sectors and naming of new sector coordinators. There are currently twelve sector co- 
ordinators, representing five of the thirteen sectors outlined in the National Strat- 
egy for Homeland Security. Ten of these are on the PCIS board. The current list, 
including the Federal lead agencies and representatives, is attached. The mission 
of the PCIS is to coordinate cross-sector initiatives and complement public-private 
efforts to promote the reliable provision of critical infrastructure services in the face 
of emerging risks to economic and national security. 

In the four years since its creation, the PCIS has accomplished a great deal. A 
PCIS public-policy white paper on barriers to information sharing got the attention 
of Congressmen Davis and Moran, who co-sponsored the first bill to provide a nar- 
rowly written exemption to the Freedom of Information Act (FOIA) for critical infra- 
structure information. Senators Bennett and Kyi followed with a similar bill, and 
after conference committee work, the provision is now part of the law that created 
the Department of Homeland Security (DHS). PCIS also coordinated industry input 
to the National Strategy to Secure Cyberspace, offering each of the sectors’ strate- 
gies and an overview document comparing commonalities and differences on the 
PCIS web site. The PCIS developed an information sharing taxonomy, including the 
terms commonly used by all industry Information Sharing and Analysis Centers 
(ISACs) and government agencies that share cyber vulnerability, threat, and solu- 
tion information. Currently, the PCIS is working on an interdependency risk assess- 
ment handbook, and the board, including the sector coordinators, meets monthly by 
teleconference to discuss cross-sector critical infrastructure protection issues. 

Interdependence Examples. We all depend on telecommunications — in fact, when 
recently asked to list their dependence on other sectors, the sector coordinators 
rated telecommunications as first or second on their list. Nearly equal to tele- 
communications was electric power. Without electricity, there is no “e” in e-com- 
merce. However, without railroads to deliver coal, the nation loses 60 percent of the 
fuel used to generate electricity. Without diesel, the railroads will stop running. 
Without water, there is no firefighting, drinking water, or cracking towers to refine 
petroleum. Without financial services, transactions enabling all these commodity 
services cannot be cleared. Yet, these are not just one-way dependencies. When the 
railroads stopped running after 9/11 to guard hazardous material, it only took the 
city of Los Angeles two days to demand chlorine or face the threat of no drinking 
water — the railroads began operating again on the third day. Throughout the North- 
east, dependencies on electric power were obvious. Some areas had electric water 
pumps, and they had to boil their drinking water for days after the blackout. 

Gaps and barriers 

Sector Coordinator Roles Poorly Understood. The role of the sector coordinator is 
not well understood, either in industry or government. DHS is developing a “best 
practices” guideline for sector coordinators, and working with sector agencies and 
industry leaders to organize new sectors from which candidates for the job will 
emerge. In many critical infrastructure industries, CEOs and other executives are 
not aware of the role of sector coordinator, do not know who their coordinator is, 
and use other means to coordinate their critical infrastructure assurance actions. In- 
dustry sectors are neither homogeneous nor hierarchical, but in the rapid-paced, 
complex world of critical infrastructure assurance, single “belly-buttons” are abso- 
lutely needed to coordinate actions within and across critical sectors. 

Interdependence vulnerability research inadequate, incomplete, and underfunded. 
All of our critical infrastructures are interlinked in complex, sometimes little-under- 
stood ways. Some dependencies are surprising, contributing to unusual key asset 
lists. Studies, modeling, and exercises represent the three primary interdependence 
research methods. 

Studies. Some rudimentary research has been done on interdependencies, but it 
has only been sufficient to illuminate how important this type of modeling and anal- 
ysis could be. Sandia and other national labs have initiated interdependency stud- 
ies, looking at intersections with the energy sector. The National Security Tele- 
communications Advisory Committee (NSTAC) has done similar work, addressing 
intersections between telecommunications and other sectors. The National Infra- 
structure Advisory Council (NIAC) has a current effort to develop policy rec- 
ommendations on interdependency risk assessments. The sector coordinators are in- 
volved in that study, which will become available after delivery to the President in 
the October timeframe. The PCIS is coordinating with this NIAC working group to 



85 


ensure that the handbook we develop is in harmony with NIAC policy recommenda- 
tions. 

In the FY2004 Budget submitted to Congress, approximately $500 million has 
been requested to assess the security of the nation’s critical infrastructure. Of this, 
$200 million is allocated to develop and maintain a primary mapping database, and 
$300 million has been allocated to work with states and industry to identify and 
prioritize protective measures to mitigate any risks identified through the ($200M) 
database consequence-mapping activity. We expect this level of funding to grow at 
a rate of about 2% per year over the next five years. 

While this seems like a lot of money, there is concern that the complexity associ- 
ated with this type of analysis is not readily recognized. Conducting cross-sector vul- 
nerability assessments presumes that each of the individual sectors has already 
been modeled. This is not the case. Each sector will need to be modeled to some 
degree of fidelity before any cross-sector studies can be accomplished. These indi- 
vidual sector models must incorporate how the network elements work, their capac- 
ities, how they connect to each other, and where they connect to each other. It is 
not sufficient to simply ask the sectors’ major infrastructure owners for a list of 
their key assets and critical nodes, so that they can be “mapped.” Mapping an asset 
without modeling how it works or how it connects to or impacts the next element 
in the network is an exercise without merit. The network owners already know their 
key assets and critical nodes — what they don’t know is whether their key assets and 
critical nodes are in the same geographic vicinity as their competitors’ nodes, or 
whether underlying or supporting infrastructure is in fact, truly diverse. In highly 
competitive sectors, such as telecommunications or finance, it would not be unusual 
to find that each of the major providers has intended to buy diversity and redun- 
dancy from numerous entities, only to find that all these entities use the same un- 
derground conduit for transport that goes through the same underground tunnel, 
and they are powered by the same power generation plant. The NSTAC has studied 
the implications of these types of cross-sector dependencies and has developed a 
number of programs that the telecommunications sector uses to mitigate these risks. 
It is time, however to take it to the next level, covering all cross-sector and multi- 
sector interdependencies. 

Modeling. Existing computer modeling and simulation has not been effectively uti- 
lized for critical infrastructure protection purposes. DoD operates high-fidelity mod- 
els to support military missions. DoD is not funded for homeland security, and its 
modeling capability is probably fully utilized for the purposes for which it was de- 
signed. However, DHS could take advantage of DoD model designs and algorithms, 
applying critical infrastructure data and missions. DoE national labs use sophisti- 
cated models to help with energy planning, and they have developed the National 
Infrastructure Simulation and Analysis Center (NISAC), which is now part of DHS. 
NISAC capability is still being developed by DHS. Modeling can help develop plans, 
and it can save some of the expense and time required for regional exercises, but 
(a) the data used must be up-to-date industry data; and (b) sector coordinators (and 
the infrastructure owners they represent) must be the primary beneficiaries of mod- 
eling results — after all, the sector coordinators are responsible for developing and 
executing plans to protect critical infrastructures. One of the challenges will be that 
much of the data required may be proprietary. 

To date, the NISAC has centered its modeling efforts on the energy sector. To un- 
derstand the complexity of this modeling problem, consider the NISAC model of the 
energy sector as a baseline, and apply it as a level of magnitude to the telecommuni- 
cations sector. While we do not know the precise amounts, it is our understanding 
that the current electrical sector modeling cost about $30-40 million to develop and 
was done over the course of 3 to 8 years. If you assume that the level of detail devel- 
oped within the electrical sector model is appropriate (and we do not know that to 
be the case) and simply multiply this $30-40 million times the number of facilities- 
based networks that comprise the telecommunications sector, then you would con- 
servatively multiply this estimate by a factor of 9 networks (5 wireless + 1 wireline 
+ 2 IXC + 1 paging), resulting in a baseline model for telecommunications in the 
$270-$360 million range. Even if all $200 million was dedicated to telecommuni- 
cations modeling, it would take 1 to 2 years of currently allocated funding, and an 
even longer actual modeling effort, to model telecommunications alone. Multiply 
that by 12 sectors, and then you can start on the cross-sector interdependency mod- 
eling. 

The sectors, particularly the telecommunications sector coordinators, have initi- 
ated conversations with the national labs to determine how this important work 
could be undertaken, and what level of support the national labs would need to 
marry their modeling, testing and data mining expertise with industry knowledge 
regarding how the various networks work and how they interrelate to each other 
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within the sector. This project will require government funding, and the sectors are 
prepared to work with DHS to develop the most appropriate approach for each sec- 
tor. It is our sense that various capabilities from numerous national labs (DoE, DoD, 
etc) will be needed to develop a model that can be built once, routinely refreshed 
by industry and used by many, in the analysis of vulnerabilities and the develop- 
ment of mitigating strategies. It is also our sense that in the absence of higher fund- 
ing levels, this statutory requirement may take a decade to accomplish and any ben- 
efits to the sectors watered down significantly. This information has not been com- 
municated fully to DHS-the department is still undermanned in this area. This is 
not an accusation or complaint, but simply a reflection of start-up reality. The sec- 
tors are prepared to work closely with DHS once it is ready. 

Exercises. DHS has begun to sponsor regional exercises to identify vulnerabilities, 
dependencies, and cross-sector points of contact for the purpose of developing contin- 
gency plans to respond to physical and/or cyber attacks. This effort must be acceler- 
ated and expanded to cover every region of the country. Lessons learned must be 
shared with the sector coordinators so that all the critical industries on the front 
lines of defense can understand what they need to do and with whom to coordinate. 

“TOPOFF” and “TOPOFF II” represented small steps toward addressing physical 
threats, but these were exercises with little private-sector input or expertise, and 
certainly no funding for the insertion of this expertise into these exercises. 
“Livewire” is an upcoming cyber exercise that will have some private-sector input. 
Feedback from the sectors to date is that these small-scale exercises serve primarily 
to educate government consultants and do not benefit critical infrastructure owners 
and operators, who have the responsibility of acting first during a crisis. Regional 
exercises are a must for the physical dimension, and sometimes cyber exercises will 
be national in scope. To be effective, they must include private-sector experts to help 
build the exercises, design scenarios, and participate as key stakeholders. Funding 
must support private-sector participants’ time as it currently does that of the gov- 
ernment consultants. More importantly, their design should encourage private sec- 
tor involvement by telling them things they need to know (e.g., business continuity 
planning). These exercises must include both the cyber and physical dimensions of 
critical infrastructure planning, and must involve all the critical infrastructure sec- 
tors to ensure a complete understanding of interdependency. The PCIS and the sec- 
tor coordinators would be happy to work with DHS and other government stake- 
holders to plan and execute such a series of interdependency exercises. 

Recommendations for DHS 

Coordinate with lead agencies and industry leaders to rapidly organize the newly 
named sectors, identify appropriate sector coordinators, and clarify sector coordi- 
nator roles. Actively promote the sector coordinator function to key industry and 
government executives, and within the federal government. 

Coordinate with all appropriate National Labs to apply appropriate computer 
models and simulations to critical infrastructure mission areas. Ensure that sector 
coordinators and their constituents are involved in model creation, data mining, and 
results. Assure the protection of sensitive data. 

Sponsor a comprehensive set of regional and national exercises that cover the 
physical and cyber aspects of attacks on critical infrastructures, as well as depend- 
encies. Assure the protection of sensitive data, and ensure that sector coordinators 
and their constituents are involved in exercise design, scenario creation, participa- 
tion, and are the primary recipients of exercise lessons learned and other informa- 
tion they need to defend their part of the critical infrastructures. 

Conclusion. DHS leadership has been very inclusive of industry as they organize 
to protect critical infrastructures. Everyone in government must understand that in 
this area, public-private partnership is not just for appearances?it is absolutely es- 
sential. Since critical infrastructure owners and operators are on the front lines, the 
sector coordinators must be part of all critical infrastructure planning, strategy de- 
velopment, exercises, remediation, and responses to threats and attacks. DHS can- 
not be expected to protect critical infrastructures alone — industry must become part 
of its organizational culture as it matures. National and economic security are for- 
ever intertwined. The industry leaders I work with understand and embrace their 
role as front-line defenders, and are willing to do their part to protect our national 
and economic security. 
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Mr. Thornberry. Thank you. I appreciate your testimony. 

Again, I appreciate the testimony of all the witnesses. I think we 
have heard each of you provide interesting and helpful perspec- 
tives, coming from different places, on the challenges that we face. 

Let me first turn to Chairman Camp for any questions he would 
like to ask. 

Mr. Camp. Well, thank you. And I agree with Chairman Thorn- 
berry; I appreciate your testimony today. It is very helpful. I just 
have a few questions. 

Mr. Watson, what do you really think is the weak link in terms 
of our electrical and other security? 

Mr. Watson. Mr. Chairman, I am not sure you can point to a 
single weak link. Over the last 20 years, all of the infrastructures 
have become more and more dependent on networks, and they have 
become more and more interconnected. I think the key that we 
need to study in research and modeling and exercises is inter- 
dependency. Each of the sectors is dependent on each of the others 
and sometimes we don’t even know what these dependencies are 
without modeling and exercises. 

Mr. Camp. I realize the information may not all be available, but 
in your opinion, the August 2003 blackout, was that primarily a 
cyber problem or a human error problem? 

Mr. Watson. From what — and I am not an expert on that, and 
I haven’t seen any firsthand information that they are using to con- 
duct the investigation, but what I have seen in the press and what 
I have heard from experts is that it was not cyber related; that it 
was an unintentional fault that cascaded. 

Mr. Camp. What do you think the Federal Government should do 
or what mechanisms might the Federal Government employ to as- 
sist in preparing for a recovery from an outage of that kind? 

Mr. Watson. To assist preparing for a recovery, there are a 
range of things from prevention to response. But the first thing I 
think the Federal Government can do is provide guidance on prior- 
ities. Just as the President provided guidance that the financial 
market should be up and running within a week of the terrorist at- 
tacks of September 11, that kind of guidance and motivation would 
be appropriate in a large-scale attack or outage if that — if we need- 
ed that kind of guidance. 

Mr. Camp. It seemed as though there was a chain reaction shut- 
down in August, and what sort of safeguards can we put in place 
to prevent that, a more segmented system or what is your thought 
there? 

Mr. Watson. I don’t have the technical expertise in the electric 
power sector. I would recommend talking to the North American 
Electric Liability Council or the Department of Energy, who both 
have more details on that. 

Mr. Camp. Would any other witnesses care to comment on that 
question? 

Yes, Mr. Gilbert. 

Mr. Gilbert. As far as the recent loss on the 14th, it is a failure 
of a system that is being too heavily used, that hasn’t got the abil- 
ity to deal with normal fluctuations within its operation, and so it 
caps out and has to shut off. And the question is how to contain 
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that event in as small a zone as possible, how to “island” the prob- 
lem. 

The industry has been working on better switches and better 
control mechanisms in order to be able to do that and clearly not 
all of the different properties within the grids have implemented 
such changes as yet. 

I think we saw an excellent example in Pennsylvania and New 
Jersey, where the system was robust. They did have a good set of 
switching and controls and cyber, and they stopped the surge com- 
ing towards DC in Pennsylvania. So that is an illustration of the 
kind of configuration that might be looked upon as a model of what 
other systems might go towards. 

But I think the discussion also brought here on motivation is 
very important, because the reason that these other systems 
haven’t instituted the kinds of improvements is in part motiva- 
tional and in part simple economics. The amount of return on in- 
vestment that is available is insufficient to make the investment 
to improve the systems. That can be corrected. 

Mr. Camp. Thank you. 

Mr. Rauscher, I wondered if you could just for a minute talk 
about our telephone and Internet, wireless and the wire line sys- 
tems and how susceptible you think they are to cyber attack; and 
do you think that is more than other sectors? And what efforts 
might be made to prevent that, or have they already been made? 

Mr. Rauscher. It is difficult for me to make a comparison to 
other infrastructures. I would say that we take very seriously in 
our industry the possibilities of planned attacks, whether physical 
or cyber. In fact, the FCC’s Network Reliability Interoperability 
Council has been focused for nearly 2 years now, since September 
11, on developing best practices in a very aggressive time frame. 
There is both a focus on cyber prevention and restoration best prac- 
tices, and physical prevention and restoration best practices. In ad- 
dition, there are blended attack discussions. I am involved in lead- 
ing some of those. 

So looking at a combination of cyber and blended attacks, the 
thing that gives me the most assurance is the additional rigor that 
we are now taking. These best practices I have been referring to 
have been around for about 10 years, and they have been developed 
largely from historic analogy. So whenever we would see a major 
outage, we would do a deep-dive analysis and determine what 
would prevent this, what more could be done. And pretty much 
whenever there is a major outage, we know there was a best prac- 
tice that existed that for some reason wasn’t implemented. 

Going forward, instead of just looking at the historic analogy, we 
are saying, independent of any threat knowledge, systematically, 
“what are all the vulnerabilities?” and “what are all the different 
ingredients that make up the communications infrastructure?” And 
then we have systematically addressed those vulnerabilities with 
best practices. And this is something new that is provided much 
additional rigor and you can find more information out about that 
from the [NRIC and NRSC] reports. 

Mr. Camp. Okay. Thank you. My time has expired. Thank you 
very much. 
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Mr. Thornberry. I thank the gentleman. The gentlelady from 
California, the ranking member of the Border Subcommittee. 

Ms. Sanchez. Thank you, Mr. Chairman. My questions are going 
to be directed, I think, to Mr. McCarthy and maybe Mr. Watson 
and maybe Mr. Orszag. I am glad all of you gentlemen are before 
us today, and I know you have a deadline, so I was interested, 
Mr. — Dr. Orszag on the whole issue of there not being enough in- 
centive for private industry to ensure that it works through the 
whole issue of security. 

You know, if you own something quite large, whatever type of in- 
frastructure it is, most of the time you can’t build it if you don’t 
have some type of insurance on it. You can’t continue to operate 
it even if you are self-insured. Most States have some type of regu- 
lation with respect to some type of fund set up and set aside and 
reserves for that. 

Why do you think that is not sufficient, really, to encourage peo- 
ple to protect their own assets if that is the way they are making 
their money? 

Mr. Orszag. Let me give you an example that I think is particu- 
larly timely, involving chemical facilities. 

Let’s say that you have a chemical facility. It is worth a billion 
dollars. It houses chemicals. There are 123 chemical facilities in 
the United States that contain chemicals that could injure or kill 
more than a million people. The value of a million lives can easily 
exceed, well exceed a billion dollars. 

You may well have some incentive to make sure that there is 
some level of security to ensure that your plant is not intruded 
upon and those chemicals are not dispersed and harm people. But 
it is not adequate because your financial loss is much smaller than 
society’s loss that would occur if a successful attack did unfortu- 
nately take place. 

And that kind of example occurs, you know, in a wide array of 
settings. And I — in my written testimony I provide lots of other 
types of examples, but I think that might be a particularly timely 
and compelling one, where any time that private financial losses 
that you suffer are vastly smaller than the losses that we as a soci- 
ety would suffer, you don’t have enough incentive, bottom line. 

Ms. Sanchez. So even if I am operating and I have liability in- 
surance, you think that a carrier of liability insurance wouldn’t 
take a look at the worst-case scenario of, you know, hundreds of 
thousands of lives, given the type of chemicals that I control in my 
facility. 

Mr. Orszag. In some cases they will, but I think it is — I don’t 
know if “naive” is the word, but “too optimistic” to think that with- 
out a push that this will automatically happen. So, for example, 
when you argue that insurance firms may be providing that kind 
of incentive already, a requirement that you have insurance would 
just back that up. 

You know, to the extent that insurance firms are already doing 
this, a requirement that they do so doesn’t add any extra burden. 
To the extent that insurance firms are not doing this, and I would 
add in the context of smaller chemical facilities that they may not 
be, I think that the danger is these. Then a requirement will push 
them up to the appropriate level of activity. 
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So in some cases, clearly, insurance firms are already playing the 
role that I, for example, would envision that they play under the 
sort of mixed system that I laid out. In other cases, they are not. 
The important point is that they should be in all the cases in which 
there would be catastrophic losses from a terrorist attack. 

Ms. Sanchez. Okay. Thank you. 

Mr. McCarthy, I think you have a student that was recently in 
the news with respect to using some public information to map out 
every business and industrial sector in the American economy and 
layering on top of it the fiber-optic system that exists throughout 
the United States. And I think it was pretty much on target. Of 
course, he ran into some problems with that I think because it was 
considered a danger to national security. 

I have been pushing and a lot of us on this committee have been 
pushing the Department of Homeland Security to, in fact, come up 
with a vulnerability list or risk assessment with respect to infra- 
structure that we have out there, not only in the public sector, but 
also in the private sector. And I think it is fair to say that it has 
been a difficult process to even get information about what kind of 
criteria, et cetera, they are using. 

What would you — what would be your guideline? Do you think 
that it is possible to do that, in particular with respect to private 
industry and what infrastructure we have out there? And how long 
do you think that type of a vulnerability risk analysis would take 
for someone to do, given that you had a graduate student who was 
able to do it with respect to fiber-optic in a not-too-short time 
frame? 

Mr. McCarthy. Well, first of all, that student is one of our best 
and brightest and we are very proud of his work and stand behind 
it. 

The particular study that you refer to actually has garnered a 
tremendous amount of interest from every element, ranging from 
our Defense and Intelligence Communities, to the homeland secu- 
rity and civilian agency community, to the private sector, which 
tells me that there is an information vacuum, that people saw what 
this student was doing; and we have been deluged with questions 
regarding his work and the work of the type that was behind it. 

With respect to the time frame, let me give you a little perspec- 
tive on that student, using it as the case model. This student’s 
graduate work is in the area of mapping and geospatial visualiza- 
tion, which Ken Watson referred to in his testimony as a critical 
area, and I fully support that. The supervisor of his research, the 
Ph.D., her work is in the area of transportation networking. And 
what they have done is combined two disciplines to begin to look 
at a completely different sector or infrastructure. In this case, it 
was fiber-optic, being the fiber-optic network overlayed with the 
telecommunications network, overlayed with the banking and fi- 
nance network. 

Now, the issue of the data in open source, that was one of the 
most sensitive elements of the research, tells us a couple of stories. 
Number one, that data took 4 years to compile and refine. So it 
wasn’t just gathering the data; it was taking the data and refining 
it and working it through a series of tools and algorithms to come 
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up with a different element of information out of the data to look 
at it from a different perspective. 

Ms. Sanchez. But that was not asking people for information in 
the form that your graduate student needed it. That was going out 
and trying to find the information, trying to figure out what type 
of form do I need it in and what am I going to do to get it into 
a place where it is equal to all the rest of data I have, correct? 

Mr. McCarthy. Right. That was going out into the Ethernet, out 
into the Internet, out into the public domain and bringing the in- 
formation in and gathering it, which is another public policy lesson 
out of the research. It is out there and it is happening. 

We have a very smart guy and a very smart supervisor, Ph.D., 
who are loyal, dedicated Americans doing good work, working in a 
reputable university on reputable research. That research is rel- 
ative to the discussion and agenda we are talking about today. 

I am equally convinced that there are very smart, equally dedi- 
cated people who are looking at our infrastructures, who don’t have 
our best interest in mind, who are doing similar types of research; 
and I think that is a significant emerging area that we have got 
to focus on fast. 

There is a balance. This whole issue transitions into the informa- 
tion-sharing area, which is another broad concern of the — both 
these committees. You know, how do we make this balance be- 
tween the government’s information that they hold and retain, that 
is useful to the industry for vulnerability assessment, the data that 
exists within the industry itself about itself, and the reams of data 
that exist out in our academia community which heretofore has 
been significantly ignored, in my opinion, as part of the partner- 
ship. 

This research is evidence of that. I have gotten dozens of phone 
calls across some significant universities, calling very quietly, You 
know, look, John, we would just like to have a quiet conversation 
off line. How do you deal with this, internal to the university? 

You know, how are you maintaining a program where you have 
to get a Ph.D. candidate published so that they can get their Ph.D. 
and you have to get a young professor on a tenure track tenured? 
That happens with publication. The government’s instinct is to col- 
lect the information and classify it. The industry’s instinct is, it is 
proprietary, it is going to give away a trade secret. The academic’s 
instinct is to want to publish it. 

How do you balance that? That is a key issue. 

Ms. Sanchez. Mr. McCarthy, I agree with that and I would like 
to go over to Mr. Watson, because, you know, one of the biggest 
problems we have is that, of course, private business doesn’t want 
to be regulated, Doctor; as you know, it is a difficulty. 

But more importantly, if 80 percent of our critical infrastructure 
is in private hands, Mr. Watson, how do we — the biggest concern 
that we have heard out of private industry is, well, if we give you 
the information or we collaborate with you, and then there is a set 
of plans somewhere of everything and — everything that is going on, 
then we are afraid that just makes another level of information 
available for cyber attack or ability for the terrorist to get — in other 
words, the more information there is out there about what we actu- 
ally have, which is what we are trying to protect from a proprietary 
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standpoint or just from a security standpoint, all of a sudden the 
government also has it and we don’t really trust you guys to be 
able to really keep this under lock and key. 

What’s your answer representing those types of companies that 
are worried about this? 

Mr. Watson. That is a good question. And leaks occur every- 
where, not just in the government; but they do occur from govern- 
ment and they do occur from industry on occasion. 

You know, if you have a secret and you tell it to someone, it is 
no longer a secret. The problem that industry wants to avoid is giv- 
ing information that the bad guys can use before the good guys 
have a chance to do something about it. 

We are very heartened by the narrowly written exemption to the 
Freedom of Information Act that is in the Department of Homeland 
Security law, that provides for industry, their voluntary sharing of 
information on cyber, critical infrastructure threats, vulnerabilities 
and countermeasures with the DHS and have that information pro- 
tected. That is something that has been needed for some time, and 
we are glad that it is there. 

As far as its usefulness, we will have to see how it is used in the 
future and go from there. The provision is there, and I think that 
we are going to see opportunities to share information. We have al- 
ready seen some sensitive information shared across public and pri- 
vate sectors. 

The ISACs have been brought up earlier today, the information- 
sharing analysis centers. There are some 15 ISACs, if you count 
them one way, maybe 10 ISACs if you count another way, that 
have stood up to support each of the vertical industries. 

After the blackout, the telecommunications ISAC asked for some 
updates from the electricity sector ISAC, and they got updates 
every 2 yours. And the ES ISAC and the telecom ISAC were on the 
phone together, which was an extraordinary amount of collabora- 
tion between those two sectors. 

The ES ISAC also collaborated with the IT ISAC to discuss cyber 
threats and vulnerabilities and understand that. 

There is an informal ISAC council that has formed that has the 
leadership of the 10 largest ISACs to share information; and then 
I understand the telecom — well, the telecom ISAC and the ES 
ISAC are also sharing information with the government. The ES 
ISAC has reporting responsibility with the FBI, and the telecom 
ISAC is housed within the Department of Homeland Security’s 
NCS function. 

So information sharing is getting better. We are overcoming the 
trust barriers and those trust circles are widening. 

Ms. Sanchez. Mr. Chairman, I think you probably forgot to turn 
on the — 

Mr. Thornberry. I turned it off for the gentlelady because she 
was asking such good questions. 

Ms. Sanchez. Well, thank you, Mr. Chairman. I appreciate that. 

I have a lot of other questions. I think I will submit them for the 
record, because I think this has been an incredibly good panel and 
I do have a lot of concerns about whether the Department of Home- 
land Security is really doing what we need it to do in order for me 
to feel safer as an American. 
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But considering that I have other colleagues who have waited a 
while, thank you, Mr. Chairman for your indulgence. And thank 
you, gentlemen. 

Mr. Thornberry. I thank the gentlelady. 

The gentleman from Texas. 

Mr. Turner. Thank you, Mr. Chairman. 

First, I want to compliment Mr. Rauscher’s son, who I think is 
about two rows back, who has been back there listening carefully 
today and taking a few pictures. I think he has got a great future. 

Mr. Rauscher. Thank you. 

Mr. Turner. We were talking about the work of one of your 
graduate students, Mr. McCarthy, and I read the article in the 
Washington Post. It is dated July 8. It describes the shock that 
government officials, as well as some folks in the private sector had 
when they saw the results of his work. And I gather all of this was 
produced with publicly available information. 

Obviously, it could be very useful to terrorists; and as you said, 
you have a feeling that there are those out there who may be col- 
lecting that same information to do us harm rather than to do us 
good. 

What is the answer to this? What should we be doing? Is this in- 
formation that rightfully should be protected? Or is it already in 
the public domain and it is going to stay there, and it is just the 
way things are? 

Mr. McCarthy. Well, sir, I think yes and no. The information is 
out in the public domain. I think there are common-sense things 
that have — as awareness grows, as groups like the Partnership for 
Critical Infrastructure Security and others raise awareness — crit- 
ical information and data is taken off. Some of this is the way we 
do process. There are — a lot of the ways that these gentlemen got 
information or these researchers got information is they called up 
the local municipality and they looked for permitting, where were 
you allowed to dig to go lay a piece of fiber-optic? Some things as 
simple as that. 

It takes a very concerted effort. It takes a very thought-out meth- 
odology and it takes lot of time to do it. That is why it takes so 
long to get a Ph.D., I guess. But the bottom line is that I believe 
that this kind of work is going to go on in academia, and I think 
this kind of work should be encouraged in academia. 

I think the real story that didn’t come out in the Washington 
Post, because as you all know, you don’t get on the front page of 
the Washington Post without having a real hotshot story, there are 
some misconceptions about the story. Number one, the government 
never ever tried to suppress the dissertation. That was never in the 
mix. The real story that was being — we were being interviewed for 
was, one, young, smart researchers that are involved in the home- 
land security agenda. We support that, as a university, in terms of 
getting that message out. 

And, number two, how a university can work with the govern- 
ment and industry. 

What didn’t come out in the article is that when I came to the 
university to assume this project and we were looking at funding 
mechanisms to — what research within the university to fund, obvi- 
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ously their project came right out at me as one we needed to begin 
to move forward quickly. So in the process we got funding to them. 

And I also engaged in a process to begin to — for lack of a better 
word, begin to “shop” their research around. Number one, we 
looked internally to make sure there is a lot of sensitive data here. 
How are we handling it? And we had very solid procedures in place 
within the university. Coming from a government career, handling 
a lot of classified materials, I was very satisfied with the procedure 
the university had in place. We beefed it up a bit, particularly after 
the July article. But there were — this is an example of academia 
acting responsibly. Then we went to government and business alli- 
ances that deal with this — that have a use for this type of mod- 
eling, and we engaged in discussions with them. 

That, to me, is the real message of the article, and that is a posi- 
tive thing. That should happen all over the universities. I believe 
that is the way we instill and preserve the academic freedom ele- 
ment; and it is also — another key element of this is, we have to 
grow the next generation of security professionals. 

We have to grow the next generation of thinkers in this area that 
are going to take us to the next level, to alleviate some of the frus- 
tration — some of the kind of frustrating, seemingly, lack of control 
over our understanding of our vulnerabilities. 

I don’t think we have — our capability is just emerging to be able 
to visualize and build the kind of models that are going to help us; 
and so we are in this kind of gap period. So it is very important 
that we find a way to make this kind of relationship work, and in 
our small way at GMU, we tried to do that with this project. 

Mr. Turner. So what you are saying is that the work that Sean 
Gorman did in his dissertation is, in effect, a kind of model for 
what you think perhaps ought to go on in a wide variety of critical 
infrastructure sectors so that eventually we would have the capa- 
bility to comprehensively map our infrastructure in a way that we 
could then manipulate the data and identify our critical 
vulnerabilities and assess the impact that the disruption of one or 
an other sector might have on other sectors? 

Mr. McCarthy. Yes, sir. I fully support that statement. 

And to piggyback on a comment again that Mr. Watson made rel- 
ative to the national labs, the national labs play a critical role in 
helping the sectors. It is defined in the security strategy in helping 
the sectors help with this modeling and simulation and visualiza- 
tion capability. That is what they do well. 

I also think, and I would like the committee to be aware that 
academia is out doing this also, and it is very critical that we just 
don’t put all of our examples in one basket in that area, that we 
support the activities going on relative to these kinds of projects. 
Because, number one, the academia, the — again, the research and 
information is out there and it is happening, so we have to find a 
way to capture it and make sure that we develop responsible stand- 
ards by which academics should act. 

And I think that we have plenty of models out there. We have 
done this with biological research, we have done this with nuclear 
research, and we are doing it now with cyber and infrastructure re- 
search, so we have models to check concerns that are legitimate; 
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and in the other area, that we should just — we should be opening 
up. 

We have a very rich and robust higher educational structure that 
we have to leverage to this problem. And we have done it, again, 
in the past. We did it in World War II. We did it with the Manhat- 
tan Project. We did it with getting to the moon. And this is critical 
infrastructure. And cyber security and terrorism, all of these 
issues, to me, are equivalent to those processing. We couldn’t have 
done those things without the proper relationship between govern- 
ment, industry and academia working together. 

Mr. Turner. Thank you. 

Mr. Thornberry. The gentlelady from the Virgin Islands. 

Mrs. Christensen. Thank you, Mr. Chairman. 

Mr. Gilbert, has — this is a similar question to one that Mr. Turn- 
er asked the previous panel. But has your — the panel that you 
chair formulated an opinion on which of our critical infrastructures 
pose the greatest security concerns, that is, greatest risks of attack, 
vulnerability to attack and potential consequences? 

Mr. Gilbert. Yes, ma’am. And we wrote about it in the report. 
And as a matter of fact, we placed that dubious honor with the 
electric utilities, not only because of the vulnerabilities that they 
represented, but also the enormous dependency of the other basic 
infrastructures’ support systems, that we all rely upon, that are so 
dependent upon the constant reliable supply of electricity. We are 
truly hard-wired as a society and as an economy to the electrical 
supply. 

Mrs. Christensen. Thank you. 

Mr. McCarthy, obviously, George Mason is doing a great job of 
providing researchers and growing that next generation of think- 
ers. You talked about the research projects and your collaborations 
with the universities. I was wondering, of those 20 or more univer- 
sities, how many are historically black colleges and universities or 
minority-serving institutions? 

Mr. McCarthy. Immediately, off the top of my head, two. Nor- 
folk State University we are working closely with on both cyber se- 
curity and information warfare which — they are developing a fan- 
tastic program down there on that. And we are supporting them 
closely with that. And they are also supporting us in the National 
Capital Region Assessment that we are doing. And also Howard 
University. We have professors from Howard involved in our Na- 
tional Capital Region Assessment. 

Mrs. Christensen. Great. Thank you. Also, I was interested that 
your critical infrastructure protection is based in the school of law 
in the area where, among the many things that you are exploring 
are the legal implications of information sharing; and I was won- 
dering if — as you are looking at that, if there have been any con- 
cerns raised. 

Many of us are concerned, for example, with the loss of privacy 
and intrusions into civil liberties. Have you been discussing any of 
that thus far? 

Mr. McCarthy. Oh, yes, ma’am. First let me say, I appreciate 
your recognizing that we base this project in the school of law. 
Highly, highly unusual. I am not a lawyer. I am not a technologist. 
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I come from the information policy arena and a government back- 
ground. 

We based this project in the school of law, and it is really the 
school of law, economics, and we have made this with a mandate 
for interdisciplinary research. It comes with the premise that if you 
just look at the Federal grant process, you would put on the table 
stacks and stacks of Federal grants for technology development. 
You put another stack out there for the policy and kind of business 
governance things. It kind of goes down pretty significantly. Then 
you go down and you put in for grants that we are sponsoring to 
develop this agenda in the area of law and you get virtually none. 

So we kind of reversed the model for the use of this money. We 
fund technical research, and the technical research is critical to in- 
tegrating what we are doing. But our primary emphasis is looking 
at law, economics, business governance and policy issues relative to 
the homeland security CIP agenda, and it is to work in complement 
with what is happening with the technologist, the — and I will give 
you one quick example. 

The technologist. One project we are sponsoring is to look at 
attacker fingerprinting. When somebody comes into your computer, 
they are leaving traces; and it is just like when the FBI comes in 
and dusts. We are looking to develop that. As that research reaches 
a certain level of maturity, we are going to take that research and 
bring it into the law school to look at the intellectual and privacy 
implications of the technology, so when the whole project is re- 
leased, you see not just the technological application, but you also 
see the concerns that are raised relative to privacy and intellectual 
property. 

Mrs. Christensen. Thank you. 

And my last question would be directed to both, I guess, Mr. 
McCarthy and Mr. Gilbert, but anyone could answer it. 

Both of you talk about, for example, Mr. Gilbert, issues that 
deter open discussions among the private and governmental parties 
that need to be correctly resolved. And I think that Mr. McCarthy 
refers to that. 

Do you have any recommendations as to how we resolve those 
issues? Because it comes up not only in this area, but in Project 
Bioshield and just about everything that the Select Committee 
looks at. 

Mr. McCarthy. I will defer to Mr. Gilbert. 

Mr. Gilbert. Well, the primary areas that came up in our inter- 
viewing of people who had vested interests in the utilities were in 
antitrust and freedom of information. In the freedom of informa- 
tion, it was the problem that the private sector is quite willing to 
talk about what they have and what they are doing and all of that, 
but they don’t want those minutes to become a part of a public 
record where it is then readily available for tomorrow morning’s 
newspaper or for their competitors. So there is — I believe, under 
the Homeland Security, there is a classification now of homeland 
security information, “infrastructure information,” which is a 
source of information that can be protected. And I think that is an 
important step to overcoming the observations that we had when 
we were putting this report together. 
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So I think progress is being made. But those are the kinds of 
issues — antitrust is a big problem, and it is always filled with a 
great deal of uncertainty as to what is or is not a violation of an 
antitrust matter and whether or not there will be a knock on the 
door by the State’s attorney and so on and so on. 

So clarification in that area is more what is being sought. 

Mr. McCarthy. I would very much agree with that. We held a 
seminar at the law school on the antitrust issues relative to this 
agenda. And the consensus among the legal scholars and legal 
practitioners was that there really probably aren’t that many anti- 
trust issues involved. However, the industry representatives at the 
forum, their general counsel — predominately the general counsel 
community is, hey, it is a perception issue; and if my CEO comes 
to me and says, I want to share the data or not share the data, 
I am immediately going to say, don’t share the data. You know, 
that is just to protect — that is his job or her job to protect the com- 
pany. 

So there is part of that mentality out there. There is — but I don’t 
think that predominates the discussion. 

I think what we need to do is develop islands where we can pro- 
tect information properly. And again I think there are models out 
there. The national communications system was mentioned. That is 
a good model of industry, government and academia working to- 
gether to create an island of protection. 

The ISACs were raised. I think the ISACs have the potential to 
be those islands of protection for information if we can come down 
and get past the FOIA and the antitrust and the kinds of things 
that are bogging down the discussion, and move forward with kind 
of a vision of articulating what the economic and business model 
is to incentivize someone to participate in an ISAC and also to lay 
out, from the government’s perspective, what is it that they really 
want to get from ISACs. 

Mrs. Christensen. Mr. Chairman, could Mr. Rauscher also an- 
swer that? Thank you. 

Mr. Rauscher. Yes. I agree very strongly with the comments, 
that the NSC for the communications infrastructure and the 
telecom ISACs are the right place to do this. I would like to say 
that for the communications industry, government requests at all 
levels — Federal, State and local — for information about critical in- 
frastructure are very much a concern. And it is not just for the rea- 
sons that were emphasized here about priority information dealing 
with businesses and business issues, but for, very much, homeland 
security concerns. 

You know, much of the communication infrastructure is privately 
owned. Most of it is. And the experts, the physical security experts 
that have been assembled to develop best practices and look at 
those issues from across the communications infrastructure, are 
consistently and firmly in agreement on this point. And we believe 
it would be helpful if we could avoid government at every level, 
asking for stuff, because if you just think of all the lists that would 
exist of all the critical sites; and so, while normally you want to 
manage by facts and collect information, that is the normal ap- 
proach, there needs to be an exception when you are dealing with 
sensitive information and those exceptions need to be very clear for 
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specific purposes and information protected sufficiently and infor- 
mation destroyed and returned when you are complete with it. 

One other comment referring to the earlier discussion that hasn’t 
been said, but it should be clear that critical infrastructure design- 
ers and operators need to be careful about what they put on public 
Web sites. 

Mrs. Christensen. It has come up before. Thank you. 

Thank you, Mr. Chairman. 

Mr. Thornberry. I thank the gentlelady. 

Let me ask a series of brief questions because I know we kind 
of have a hard deadline here of 4 o’clock. Some of the witnesses 
need to go, and so I don’t want to take too long. 

Mr. Gilbert started out this panel with his personal opinion 
about a possible scenario where you have a power failure that af- 
fects food, water, all sorts of things. My impression — does anybody 
on the panel disagree with that as a real possible scenario, where 
failure in one infrastructure affects other infrastructures? 

Mr. Watson. 

Mr. Watson. Mr. Chairman, you asked earlier about the most 
critical thing to study, and I mentioned interdependency. And this 
speaks directly to that. Yes, there, the interdependency and the 
cascading failure issue is the hardest problem to solve. I don’t nec- 
essarily think that we would see an electric power failure that 
lasted weeks and months, you know, that would create that kind 
of a doomsday scenario that was painted. 

And some of the sectors are pretty robust. The telecommuni- 
cations sector has many ways of communicating and to work 
around problems. But the cascading failure of the dependencies is 
something that just isn’t known. That is why I recommended mod- 
eling as one way to solve the problem. 

Mr. Thornberry. Which is an interesting thing. We do lots of 
modeling and simulation, of course, in the military. 

Mr. Gilbert, did your committee look at modeling? I mean, you 
mentioned it, I believe, modeling and simulation. And one of the 
things that concerns me is we could spend, I don’t know, maybe 
Mr. Watson talked about time and money for a long time study. 
Meanwhile, the terrorists are active. 

It leaves us in a little bit of a quandary about — 

Mr. Gilbert. Well, fortunately, at least insofar as the electric 
utilities are concerned, there is in the Electric Power Research In- 
stitute an ongoing activity in developing simulation models that 
deal with the operations of their assets. That needs to be vastly ex- 
panded. There has also been some very good work done at Sandia 
Labs in this area. 

Mr. Thornberry. On interdependency, how the failure of one af- 
fects another? 

Mr. Gilbert. Yes. Sandia has gone into more interdependency; 
the Electric Research Institute has gone — mostly staying within 
the family in its study work. But there is good framework there. 
There are good algorithms. The challenge is getting useful data on 
the condition of existing facilities and on not only what the dif- 
ferent switches and components of a piece of the grid might be, but 
their actual condition with respect to maintenance and remaining 
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life and functionality and so on, which is giving away a lot of infor- 
mation when you start to gather that kind of — . 

Mr. Thornberry. And when you start to gather it, it may change 
by the time you are finished gathering it if you are talking about 
the condition of things. But that is part of the challenge. 

Mr. Gilbert. But it also provides a source of important informa- 
tion which is to begin to get some trend information on different 
kinds of components — this kind of components 10 years out there, 
if the weather is looking like this and so on. 

Mr. Thornberry. Yeah. Good point. 

Dr. Orszag, I think that your testimony is very helpful at a level 
of specificity that we have been trying to cope with, for example, 
in cyber security. What is the right combination of government reg- 
ulation and market incentives for the best practices that fits with 
each sector? And you made some specific recommendations for 
cyber security, which is one of our primary responsibilities on this 
particular subcommittee. 

Have you run your suggestions past industry trying to ask the 
question, for example, is this enough? Would this sort of framework 
affect the way you do business or affect the decisions that you 
make when you are buying things or trying to figure out how to 
allocate resources in your company? 

Mr. Orszag. We have had, or at least I have had, informal dis- 
cussions with industry reps. I don’t know that it is my particular 
role to interact in that particular fashion with industry. And I 
would underscore a comment that Congresswoman Sanchez made, 
which is that, of course, industry is not enthusiastic about any ad- 
ditional requirements. 

But I don’t think that should be the defining consideration here. 
In some sense, there is a national objective that private interests 
in this area, and you know, it is unfortunate that the incentives 
need to be realigned, but we need to push them closer together. 

Ms. Sanchez. I wasn’t necessarily agreeing. 

Mr. Orszag. No. I understand. I got it. 

Mr. Thornberry. But it is very important. 

Mr. Orszag. It makes it harder. 

Mr. Thornberry. Mr. Watson, if I could just ask a few things 
of Mr. McCarthy. What is the time frame? When are you going to 
have something for us to see or for the Department of Homeland 
Security to see where you have taken some of the economics that 
we were just talking about, the legal concerns that Mrs. 
Christensen was asking about, and merge that together. 

Mr. McCarthy. Actually, sir, the Department of Homeland Secu- 
rity has already seen a number of our products. A number of our 
products have been published in peer review. 

Peer review is very important, without going into details. And as 
we speak, we are at the printer right now printing the collective 
research on the project for the last year, and findings; and I would 
be happy to provide that to both committees. 

Mr. McCarthy. And if I could just make one comment relative 
to this discussion, this question you just had: Comment was made 
in the first panel, not meaning to be critical, but the term “costly 
annoyance” was used relative to the cyber attack. I think some- 
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thing fundamental that has come out the last few months here is 
the drag on the economy. 

I was talking to one international bank, just one bank. They 
have done their quick economic analysis which you can imagine 
how that was done pretty quickly and pretty accurately. Fourteen 
man-years in one week, 14 man-years in one week simply to deal 
with patching and plugging. That doesn’t talk about the impact on 
the bank itself and the transactions. 

I believe that the sectors are going to start doing this economic 
analysis, which isn’t very sophisticated and it is moving much past 
the idea of ankle biting and annoyance. 

Mr. Thornberry. Good point. And I am not sure everybody un- 
derstood that yet, by the way. 

Mr. Rauscher, your testimony actually has been some of the most 
positive that I have heard about ISACs so far. A number of wit- 
nesses before, in previous hearings, have been concerned that 
ISACs were not working as well as they should for a variety of rea- 
sons. But eventually what you are saying from your experience is 
that the telecommunications ISAC and the electricity ISAC were 
working well together with the IT ISAC for this event. And so 
maybe there is hope yet. 

Mr. Rauscher. Yes, and maybe it is — the ISAC. I am familiar 
with the telecom ISAC, which is the one within the Department of 
Homeland Security. I was on [the conference bridge] from actually 
the first minute of that the exercise Responsive coordination began 
from the start of the blackout through several days and I heard 
briefings from the other ISAC about whether power was going to 
be restored and helpful guidance that we could use to position gen- 
erators and experts and prepare for fuel supplies. Very helpful ac- 
tivity occurred, and as I mentioned in my statement, I think — it 
was the first time, I think, some really inter-ISAC activity oc- 
curred. 

Let me also mention that the Wireless Emergency Response 
Team, which was started on September 11, was a new organiza- 
tion — a capability that involved hundreds of people being mobilized 
within hours, was able to be done because the support of the 
telecom ISAC. This was on September 11, before all the readjust- 
ments had been done. 

I am really hoping that the positive, trusted and environment 
that exists there continues. 

Mr. Thornberry. Absolutely. Maybe we can learn from what is 
going well with some ISACs and apply those to some that are hav- 
ing more trouble, and that is helpful. 

And finally, Mr. Watson, you spent a fair amount of time talking 
about sector coordinators within the government. In your — should 
they be the ones to be a primary, if not the primary, contact with 
the ISACs for their sector as the key, as a key contact within the 
government? 

Mr. Watson. No, Mr. Chairman. Let me clarify what I said. 

Sector coordinators are in industry. They are nominated with 
consultation between government and lead agencies and industry 
leadership to identify those leaders and coordinators across the sec- 
tor. And yes, they should be the primary contact. 

Mr. Thornberry. On behalf of the ISACs? 
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Mr. Watson. On behalf of the industry sector, because they have 
a broader reach than some of the ISACs, and one of their respon- 
sibilities is to establish information-sharing capability which in- 
cludes the ISAC for the sector. 

Mr. Thornberry. Okay. I think your chart probably confused 
me, because you had the USDA and various agencies beside some 
of the names. But what you are saying is that is who they interact 
with? 

Mr. Watson. There are sector leaders in the lead agencies and 
sector coordinators in each industry sector. 

Mr. Thornberry. I’ve got you. Okay. 

Mr. McCarthy. Sir, if I could just make one comment very 
quickly. We just had a seminar and called and asked all of the 
ISAC community to come in, along with the Department of Home- 
land Security, again to provide some independent third-party kind 
of analysis. 

One of the key elements that jumped out at us, there isn’t — there 
are no standard models of action. There are functions at all dif- 
ferent levels of operational activity and maturity, and I think one 
key action item that can come out of this is the development of, A, 
what is the standard? What is it that we want out of an ISAC? 
What is the standard? Does the industry adhere to that standard? 

And you can make better evaluation. 

Mr. Thornberry. What are the characteristics? They may have 
to be somewhat different from this industry’s best. 

The gentleman from Arizona is recognized. 

Mr. Shadegg. Thank you, Mr. Chairman. 

Mr. Watson, I want to begin with you and follow up on a ques- 
tion that the chairman just propounded dealing with your testi- 
mony that the sector coordinator rules are poorly understood. I 
guess I would like you to give a further explanation of that than 
I see in your testimony, and in doing so, explain to me how you 
think the sector coordinator should be working with the ISACs and 
how that would work. 

Mr. Watson. I will do my best to do that. 

The original idea of sector coordinators came out of the Presi- 
dent’s Commission for Critical Infrastructure Protection that re- 
ported in October 1997; and they recommended that the govern- 
ment identify, in coordination with industry, a leader in each sector 
to coordinate across the sector. It is very difficult to coordinate, you 
know, with 80,000 IT companies and 6,000 electric power compa- 
nies or whatever. You know, one from the government, from DHS, 
or whatever agencies the government is dealing with. 

Mr. Shadegg. Let’s stop right there and then say, who then is 
the sector coordinator? 

Mr. Watson. That is another hard problem. It varies by sector. 
DHS’s working to developing a best practice for sector coordinators. 

Mr. Shadegg. Sector meaning the IT sector, like telecom? 

Mr. Watson. Yes industry sectors. 

Initially most sector coordinators were industry groups (associa- 
tions). However, currently the sector coordinator for financial serv- 
ices is an individual at the Bank of America. 

So a company is representing that sector and coordinating across 
the sector. The sector coordinator for financial services has devel- 
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oped a Financial Services Sector Coordination Council that in- 
cludes all of the trade associations throughout the financial serv- 
ices industry, and part of that includes the ISAC. 

One of the responsibilities the sector coordinator is to establish 
and maintain an information-sharing capability within the sector, 
across the sectors, and between the industry and government. 

In the electric power sector the sector coordinator is the presi- 
dent of NERC, the North American Electric Reliabilty, and they 
also operate the ISAC, so it is a different model for that sector. 
NERC provides for automatic membership of all the trade associa- 
tions in the electrical power industry to participate in this ISAC as 
well as other sector responsibilities. The sector coordinator is re- 
sponsible for things beyond information sharing, like research 
prioritization, public policy and other kinds of areas that are con- 
cerned with some of this information sharing. 

Mr. Shadegg. With the creation of the Department of Homeland 
Security do we need to formalize the sector coordinator role and 
give it structure so that they are the same from sector to sector and 
have some degree of authority that they apparently lack at the mo- 
ment? 

Mr. Watson. I would like to see the sector coordinator role pro- 
moted in industry and government, and the DHS is coming out, is 
developing sector coordinator best practices guidelines. They don’t 
want to go so far as to decree what is right or wrong for the sector 
coordinator, because industries differ. But if they can come up with 
what works and what doesn’t work and publish a best practices 
guideline, that will be very helpful to be able to meet those guide- 
lines and do the job of sector coordinator. 

A definition of the role of sector coordinator is needed and then 
promoting that responsibility is also needed. 

Mr. Shadegg. Let me ask all of you a question, and maybe it is 
too broad to be susceptible of an easy answer; but it seems to me 
that you look at different sectors and you look at interdepend- 
encies, and some are better than others. It seems to me, for exam- 
ple, in telecom there are — the telecom industry seems to me does 
a pretty good job. If you can’t take this route, you have got this 
route and this route and this route. And we covered some things 
that went down on 9/11, but we discovered they were able to quick- 
ly come back by some other routes. 

I was just downstairs in a hearing on this issue, on the blackout. 
We have — we really have a system there of, if one goes down, then 
usually the others can cover and you don’t wind up with a black- 
out. But your testimony, all of you today, kind of illustrates how 
to kind of step beyond that. 

When you go from sector to sector, you get in deep trouble. For 
example, power goes out and the next thing you know, you can’t 
pump water, so the water system goes down. You can’t pump the 
sewage. In your testimony, you talked about a diver having to go 
through 40 feet of sewage to restart a pump. Sewage goes out. And 
fuel pumps go out. You can’t pump gasoline, you can’t pump diesel 
fuel. 

Who is responsible? 

And it — should it be DHS’s function, should it be something that 
this committee is looking at for forcing some coverage to make sure 
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that, you know, there is an — somebody is examining the missing 
link and says, Okay, well, we should mandate backup power plants 
for these kinds of things like we have for hospitals. 

I mean, somebody obviously thought through if the hospital goes 
down we had better have a generator sitting outside to bring it 
back up so that the discussion that is ongoing can be complete. But 
we apparently haven’t done that for the sewage plant that is men- 
tioned in the testimony, and there may be too many other places 
where we haven’t. 

My question is, who has got that responsibility? 

Mr. Watson. I think DHS has the responsibility within the IAIP 
Directorate. That is information analysis infrastructure protection 
to identify the problem, work with industry to develop solutions to- 
gether in a public-private partnership. Industry owners and opera- 
tors understand their key notes and critical assets, but they don’t 
know all of where they depend on other infrastructures and that — 
that higher level problem is something that DHS could provide 
some guidance and help with. 

Mr. Shadegg. Anybody else want to comment? 

Mr. Rauscher. In infrastructure protection — speaking for the 
telecommunication infrastructure we should understand not only 
its vulnerabilities, but do risk assessments and make appropriate 
plans for how to deal with those. 

Mr. Shadegg. Do you agree DHS has that responsibility? 

Mr. Rauscher. Many of these infrastructures are privately 
owned. So what about the expertise? The first question is the dupli- 
cation of the expertise. There has to be a partnership with the in- 
dustry and I think there are things like the President’s National 
Security Telecommunication Advisory Committee that has policy 
issues, the industry does bring those forward. So much of the ideas 
are going to come from the experts within the industry. 

Mr. McCarthy. I believe the Department of Homeland Security 
has responsibility to build and manage a comprehensive framework 
that allows the industry, depending on the sector, to be able to 
hang their issues and their problems and to be able to do the anal- 
ysis they need to do. The success stories for information sharing 
and ISACs come from the fully funded governmental — the national 
communications fully funded. I mean, it is an entity that the indus- 
try has invited to come into. The FSISAC is coming from pure in- 
dustry funds, but there is a significant amount of money to it. 

So that tells me something. And you analyze the water industry, 
and that is a very decentralized activity than the cascading effect 
is is a local cascading effect and the true threat is the undermining 
of public confidence across — you know, it is not the connection be- 
tween the infrastructure; it is if you do this in New Jersey, what 
is going to happen in Detroit? 

Mr. Orszag. I do think the responsibility rests with the Depart- 
ment of Homeland Security. I would just say that obviously one 
needs to be careful. I would not want an array of government bu- 
reaucrats coming in and saying you, firm A, needs a backup gener- 
ator. Instead, you need to be thinking about the government struc- 
ture that provides incentives for that firm to do that on its own. 
And I frankly think that this is, I don’t want to say the — one of 
our biggest failures in homeland security. I do not think the De- 
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partment of Homeland Security is thinking through incentives that 
should be provided to the private sector in, as far as I can tell, any 
kind of systematic fashion. And I think it comes back to the con- 
cern about changing the incentives in any way and I think that 
that is a very substantial and critical vulnerability that this com- 
mittee and others should frankly force them to change. 

Mr. Gilbert. Add my two cents. I want to be very careful about 
what we say the homeland security should do, because I think it 
may serve the role as convener, it may serve the role of facilitator, 
may serve the role of organizer, but you have got all levels of gov- 
ernment involved in these various elements of your infrastructure 
and a lot of private parties as well. And so each one has their own 
set of issues they have to deal with. So I think if the homeland se- 
curity organization can help to focus and plan and describe and lay 
out what the interlinked needs requirements are and then work 
with these various levels and organizations, where the means by 
which financing and implementing and so on can take place, then 
I think we can make some progress. 

I was involved with the first responders and the early attempts 
to try to get something out that would improve their situation, and 
there was a whole lot of talk and a very little bit of delivery and 
a lot of expectations raised, which didn’t get fulfilled. Some still 
aren’t. So I think we have to be cautious about how we rush for- 
ward here. 

Mr. Thornberry. Mr. Watson, I understand that you have to 
leave and to catch a plane, which is the last chance. So at this 
point you are excused. 

Mr. Markey. Could I ask Mr. Watson just one question if you 
still have time? 

Mr. Watson. I can do it, sir. 

Mr. Thornberry. Gentleman from Massachusetts is recognized 
briefly. 

Mr. Markey. Mr. Watson, what time is your flight? 

Mr. Watson. At 6. 

Mr. Thornberry. The gentleman from Massachusetts is recog- 
nized for a more extended period. 

Mr. Markey. And that brings me to my point which is that, you 
know, we got a lot of Federal agencies that really don’t ask a lot 
of questions, you know, to get the real situation identified so that 
then you can deal with the reality of it the way we just did about 
when your flight is, which helps so everyone can conform to the re- 
ality of the situation. So back in January, the slammer worm dis- 
abled computer systems at First Energy Davis Bessie reactor and 
other utilities. And in at least one case, this was because A, people 
didn’t download their security patch, or B, that the T— 1 and re- 
motely-connected computers circumvented the fire wall. So actu- 
ally, believe it or not, nothing actually happened at the NRC after 
that in terms of warning other nuclear reactors that there was a 
problem. Kind of shocking that they didn’t do that. 

What I did on August 22 was I wrote a letter to the NRC and 
I asked them about this incident back in January and what they 
had done and what were their recommendations for the other nu- 
clear utilities since they actually hadn’t said a word to any other 
nuclear utility in 7 months. And then remarkably one week later, 
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the NRC sent out an information notice to all nuclear power plants 
in the United States explaining what had happened 7 months be- 
fore in their nuclear power plant, but they actually had no orders 
to fix the same problem in their own nuclear reactors if they had 
such a problem — no orders at all. 

So my question to you, Mr. Watson is, shouldn’t homeland secu- 
rity be mandating to each of these agencies that work with them 
that they inform affected parties, potentially affected parties of 
critical infrastructure and the critical infrastructure sectors of 
vulnerabilities and then specifically recommending fixes that could 
prevent the very same problem from occurring in their utility? 

Mr. Watson. Let me make sure I understand the question cor- 
rectly. You are asking the question should the DHS be responsible 
for mandating that other Federal agencies provide warnings so 
that industry could provide — could implement fixes when 
vulnerabilities are discovered? 

Mr. Markey. And the Nuclear Regulatory Commission obviously 
just flubbed this completely until I notified them and that is not 
a good situation given the fact that we are right now wondering 
whether or not a worm or blaster might have helped to aggravate 
the problem at First Energy. This doesn’t seem to be an awareness 
at the Nuclear Regulatory Commission of the pervasive nature of 
this cyberterrorism threat in terms of its potential consequences for 
nuclear power plants. 

Mr. Watson. This is a multi-phased question. Patching is a com- 
plex problem. The idea of warning and providing information on 
vulnerabilities is another problem. And the idea of mandates on ei- 
ther area is a third question. 

Mr. Markey. Should there be a warning first? 

Mr. Watson. I believe there should be a warning. I am not sure 
whether — and not knowing enough about every kind of possible 
threat, I am not sure whether that should be mandatory for Fed- 
eral agencies. As far as patching goes — 

Mr. Markey. I don’t understand what you mean. The Nuclear 
Regulatory Commission has jurisdiction over nuclear power plants 
and their safety. Here is a problem that was identified at Davis 
Bessie with regard to the slammer virus and no warning was given 
to the other 103 nuclear power plants in the United States that 
this incident had occurred. So the first question is should the other 
103 nuclear reactors have been notified? 

Mr. Watson. I believe they should. 

Mr. Markey. Does everyone agree they should have? 

Mr. Watson. I am not sure it is NRC’s responsibility to make 
their notification. 

Mr. Markey. It is their responsibility. Under the Atomic Energy 
Act, it is their responsibility. 

Mr. Markey. Who do you think the responsibility would have 
been with? 

Mr. Watson. The information on the slammer and other cyber 
kinds of worms and viruses flows through the ISACs action and the 
energy ISAC, and the electricity sector ISAC had the information 
and they were spreading it across to industry members of the 
ISACs. I believe that that information flowed very quickly. As far 
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as recommendations on when to patch and how to patch, that can 
be complex. 

Mr. Markey. Do they have authority to mandate that there be 
a patch — ISAC? 

Mr. Watson. They do not have the authority to mandate a patch, 
and I am not sure mandating a patch would be the right idea. 

Mr. Markey. Do they have — do they have the power to mandate 
that the utility inspect to see whether or not a similar problem ex- 
ists within their nuclear — 

Mr. Watson. ISACs do not have power or authority over indus- 
try members. 

Mr. Markey. What I am saying it is inside the Nuclear Regu- 
latory Commission. They are the agency responsible for the safety 
of nuclear power plants in the United States. And when they were 
given this information, it was they who had the principle responsi- 
bility delegated by this Congress and by ultimately as this com- 
mittee has now jurisdiction over it by the Homeland Security Com- 
mittee to ensure that that information is communicated, or else we 
wind up with a same problem that we had in, you know, in August 
of 2001, where information was there, but not communicated in a 
way that could be effectively used. 

Mr. McCarthy. Your scenario actually raises an additional issue 
that I think is of vital concern. There has been numerous discus- 
sions of infrastructure since the President’s Commission report, et 
cetera. And as you get into the room and we discussed the room 
almost divides into two camps, one that says never can happen, ab- 
solutely never and the other one that says it is happening and the 
sky is falling. So we have to find that place in between where you 
know the notion of an intrusion into a nuclear plant, and again, 
there are many systems in a nuclear plant and whether that intru- 
sion went into a vital critical system is what is at issue rightfully 
and I think that you point that out. But the key issue there is 
when you are trying to do this vulnerability assessment and get 
the data to run the models and to do the visualization and see 
what is there, you run across this constant tension of can never 
happen and therefore let us not talk about it anymore, because you 
are just giving information to bad guys, a road all the way to the 
world is coming to an end, and we have to get past that. 

Mr. Markey. I think the problem we identified here was obvi- 
ously one that is central to the reason why our committee was con- 
structed, which is there is not an effective dissemination of infor- 
mation to potentially affected parties of relevant information of 
threats that have been identified. And I think that here, if there 
was a similar problem in another nuclear power plant, that the Nu- 
clear Regulatory Commission had an obligation in a timely fashion, 
in my opinion, after September 11, that means immediately to send 
that information to all of the nuclear power plants. That is not pro- 
prietary information to Davis Bessie. It is now relevant information 
to vulnerabilities inside of nuclear power plants that could be ex- 
ploited. 

And I don’t think that happened and I just think that unless we 
have a systematic way of ensuring that these agencies respond not 
to the utility, but rather to public safety and security as their prin- 
cipal responsibility which, by the way, each of these agencies have 
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as their principal charter responsibility, then we will have some 
brilliant al Qaeda Ph.D. from MIT or Harvard or CALTECH some 
day in the future exploit that vulnerability. Thank you, Mr. Chair- 
man. 

Mr. Thornberry. The gentlelady from Texas. 

Ms. Jackson-Lee. Dr. Orszag, I would like to focus my questions 
in your direction and to suggest that the thrust of this committee, 
my understanding, was to ensure that we would be called the 
Homeland Security do-something committee as opposed to do noth- 
ing. And I say that in the backdrop of the issue of terrorism never 
announces its entry in our lives. We saw that on 9/11. And so, I 
believe it is important that we have a mind-set of preparedness 
and readiness, and therefore, I find it very difficult that we don’t 
take the laboratory of the blackout and really act. 

And governmentally we have to act because the private sector re- 
sponds that we don’t want to be intrusive. We want a robust pri- 
vate sector, but they don’t respond in many instances, and I under- 
stand it unless we give guidance or regulations or defined policies 
that they can abide by. One of the issues in this committee is to 
empower citizens, that is more preparedness in neighborhoods and 
communities. I hope that is very good. I would like to ensure that 
the ISAC now have legs, teeth and arms and can move. 

And frankly, I believe that they were very comfortable advisory 
committees which I applaud. If we can claim a success on the days 
of the blackout, I think the success comes from the way local gov- 
ernment responded. We can clearly probably see a distinction be- 
tween 9/11 and now. I think they were efficient, they were calm, 
they were effective. That means mayors of the respective cities and 
our first responders and I want to compliment them on that. But 
I want to focus on some comments that you made regarding the ad- 
ministration’s strategy leaves out several key priorities for action, 
including major infrastructure in the private sector, which the ad- 
ministration largely ignores. 

Can you elaborate on how the current policies ignore critical in- 
frastructure protection, what must be done to increase increased 
critical infrastructure security and from A to F, if you had to grade 
the Department of Homeland Security, DHS and White House ef- 
forts to protect critical infrastructure in the private sector, what 
grade would you give? And let me say, this is based upon two as- 
pects, and I said it earlier today, accountability and then finding 
what happened so that we hopefully will not retrace our steps. It 
is not accountability for its sake simply, but it is to say that my 
sense of the blackout is urgency, one, a crumbling infrastructure 
which is no one’s fault, it is aging and no intervention. 

But I say that in the context that we are so grateful that what 
that was, as we understand it to date, was a crumbling infrastruc- 
ture. Suppose it was not. And I think that gives us the extra added 
burden, the urgency to act yesterday. And as a government entity 
for us to say that who is responsible or not responsible but for us 
to be in the context that we can even pause for a moment is a dif- 
ficult position — I find it a difficult position to be in. And I would 
appreciate if you comment on that. 

And I have one other question. And gentlemen, please, Mr. Wat- 
son, we smile because we are dark through the airport one minute 
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before, but you do it the right way. So if you are able to comment 
right after him, I would not want you to be in a complex situation. 
And I don’t know if you can comment on the policies, but hopefully 
you can comment on the question of critical infrastructure protec- 
tion. Maybe you just want to comment. 

Mr. Watson. I have not been raising my hand to ask to be ex- 
cused the whole time. I have been trying to get — a lot of questions 
have been asked about the role of regulation versus market pres- 
sure and that is one of the areas that is being studied by the Na- 
tional Infrastructure Advisory Council. They are looking at the role 
of regulation, or actually the best security driver sector by sector. 
In some sectors, regulation will impede security. In other sectors, 
regulation will enhance security. When you look at State and local 
governments and some of the public sectors that includes some of 
the utilities, they may need regulation to provide needed funding 
that they don’t have. But in other sectors like the IT industry, reg- 
ulation tends to inhibit innovation. It tends to mandate the lowest 
common denominator and those systems and products that are pro- 
duced from regulation are two or three versions behind the State 
of the art and actually can harm security for that sector. 

So I think that you will be benefitted and all will be benefitted 
when the NIAC finishes its study and publishes it and looks at 
what the most effective security drivers are for enhancing security 
across the sectors. 

Ms. Jackson-Lee. Could you include in your response the point 
made in your book about the DHS now having responsibility for 
overseeing critical infrastructure protection and elaborating on the 
lack of effectiveness on the concept of closer attention, whether 
close enough attention being paid. 

Mr. Orszag. I think I suggested before, I think one of the most 
glaring vulnerabilities that we face as a Nation is precisely in the 
incentives that private firms have to protect against terrorist at- 
tacks. And I think one of the reasons that I have been disappointed 
by the actions taken thus far, we are almost 2 years after 9/11 is 
that there does not seem to be recognition of that point. If you lis- 
ten to the rhetoric that comes from both the Department of Home- 
land Security officials and others, it is very much of the sort that 
the private sector has incentives to do all of this and I just fun- 
damentally disagree with that. They do have some incentives but 
not strong enough. 

I also agree that a heavy-handed sort of command and control 
regulatory approach is probably not the right answer in the vast 
majority of sectors; I would think that would be the sort of task of 
last resort. That would be the thing that you would use last. And 
instead what you want to be thinking about is ways of using pri- 
vate markets to create incentives for better protection so that you 
can get the innovation over time and have a more flexible system, 
and it is not a rigid approach. 

But I don’t see that kind of discussion coming out of the Depart- 
ment of Homeland Security. It is not sort of consistent with the 
rhetoric. There was one, I think, glaring example of this I remem- 
ber on NPR several months ago in which a senior Department of 
Homeland Security official basically said we don’t need to worry 
about this. The private sector will take care of it. Again, for the 
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reasons I lay out in my testimony, I just think that is dangerously 
and fundamentally wrong. 

Ms. Jackson-Lee. How would you grade them? 

Mr. Orszag. Well, having spent 3 years grading students, I am 
a little reluctant to give a grade, because I know the sorts of com- 
plaints it engenders, but it is not a passing grade. 

Ms. Jackson-Lee. And do you think it warrants us acting now 
and very quickly, thoughtfully but quickly? 

Mr. Orszag. I think thoughtfully is important. One does need to 
weigh — I am a firm believer in the power of private markets and 
incentives that firms face in determining the efficiency with which 
they do things. And I think you need to be very careful not to inter- 
vene in an excessively costly way. That having been said, we are 
now almost 2 years after 9/11. I raised chemical facilities before. 
That is just one of many sectors in which there has been absolutely 
inadequate movement, as far as I can tell, to correct incentives that 
firms face. 

Ms. Jackson-Lee. Mr. McCarthy. 

Mr. McCarthy. On your grade, teaching a graduate course my- 
self, I would give the Department of Homeland Security, given be- 
yond the operational and policy things that have to happen, there 
is a tremendous amount of building that needs to take place. We 
are trying to build the airplane, design it, fly it and serve drinks 
at the same time. So from that standpoint I give the Department 
of Homeland Security a C, which as a professor and a teacher, it 
tells me the concepts are there, the pieces are there, and I do be- 
lieve that organizationally we have built the right thing. We have 
the constructs. 

Some levels of maturity gradations out in the private sector we 
have the right pieces in the government fundamentally to move for- 
ward. We have to allow some maturity and some areas in the iden- 
tification of key assets to deal with the immediate, I agree we have 
to get that done and get that moving forward, but I would give 
them a better grade than that. 

Mr. Orszag. It is the difference between grading on a curve. 

Mr. Thornberry. Let me thank each of the witnesses because 
each of you has done and are doing important work that helps us 
to improve their grade and improve the grade of the whole govern- 
ment and the whole country, and that is what we are here to do. 
I thank the gentlelady from California for sticking it out as well 
as all of her work in the area of homeland security. We may have 
additional questions we will submit. If we don’t ask the question 
but you have a suggestion, send it to us anyway as well as future 
publications and so forth. Again, I thank all the witnesses and this 
hearing stands adjourned. 

[The information follows:] 

[Whereupon, at 4:25 p.m., the subcommittee was adjourned.] 




ELECTRIC GRID, CRITICAL 
INTERPENDENCIES, VULNERABILITIES 
AND READINESS 


WEDNESDAY, SEPTEMBER 17, 2003 

Subcommittee on Infrastructure 
and Border Security, 

AND 

Subcommittee on Cybersecurity, 
Science, and Research and Development, 
Select Committee on Homeland Security, 

Washington, DC. 

The subcommittees met, pursuant to call, at 3:30 p.m., in Room 
2359, Rayburn House Office Building, Hon. David Camp [chairman 
of the subcommittee] presiding. 

Present: Representatives Camp, Sessions, Dunn, Smith, Weldon, 
Sanchez, Dicks, Jackson-Lee, Christensen, Etheridge, Slaughter, 
Lucas, Pascrell, Meek and Cox. 

Mr. Camp. [Presiding.] The Subcommittee on Infrastructure and 
Border Security and the Subcommittee on Cybersecurity, Science 
and Research and Development joint hearing will come to order. 
Today’s business is to conclude part two of the hearing entitled Im- 
plications of Power Blackouts for the Nation’s Cybersecurity and 
Critical Infrastructure Protection, the Electric Grid, Critical Inter- 
dependencies, Vulnerabilities and Readiness. 

Good afternoon. The vice chair of the Cyber Subcommittee, Con- 
gressman Pete Sessions, will join me in this joint hearing, as he 
has agreed to sit for the chairman, who had a scheduling conflict. 
I would like to thank all of you for attending today’s hearing, The 
Federal Response to the August 2003 Blackouts. 

The two subcommittees will hear first from federal agencies that 
played a direct role in response and communications procedures 
during the blackout. We will then hear from a panel offering the 
state perspective and comments on information sharing. Our wit- 
nesses in order of testimony are the Department of Homeland Se- 
curity Assistant Secretary of Information Protection Robert 
Liscouski, Department of Energy Acting Director of the Office of 
Energy Assurance Denise Swink, State of Michigan Assistant Adju- 
tant General for Homeland Security Colonel Mike McDaniel, and 
General Accounting Office Director of Information Security Robert 
Dacey. 

I want to thank all of the witnesses for their participation. The 
investigations into the blackout are still ongoing, and I understand 
that neither Mr. Liscouski nor Ms. Swink will be able to testify 
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about the cause of the blackout at this time. However, your direct 
experience in responding to the blackout, and your critical infra- 
structure expertise, makes your testimony very valuable as the 
Homeland Security Committee continues to look at ways to 
strengthen America’s critical infrastructure. The committee appre- 
ciates your willingness to be here today. 

To allow more time for witness testimony and member questions, 
the chair requests that members agree to a unanimous consent re- 
quest to waive opening statements. The record will remain open for 
members to insert their statements in the record. So with no objec- 
tion and agreement to waive statements, we will proceed. 

Again, I want to thank our witnesses for being here today. We 
will hear testimony from our federal panel first, and we will begin 
with Assistant Secretary Robert Liscouski. Before you begin your 
statement, I would like to acknowledge before the committee that 
you also testified before the Cyber Subcommittee, and I would like 
to extend the committee’s appreciation for your willingness to ad- 
dress this committee 2 days in a row. 

PREPARED STATEMENT OF THE HONORABLE JIM TURNER, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS 

Thank you, Mr. Chairman. 

I greatly appreciate the efforts of the sub-committees to continue their inquiry 
into the widespread blackout in August that left nearly 50 million Americans with- 
out power. Although the power outage does not appear to have been the work of 
terrorists, it clearly served as a wake up call for us examine not just our electrical 
grid, but all of our critical infrastructures and ask an important question, “Have we 
done enough since September 11, 2001, to comprehensively assess and protect our 
nation’s critical infrastructures from potential terrorist attack?” 

America’s critical infrastructures comprise the backbone of our economy. They are 
essential to our way of life. In addition to electric power systems, these essential 
infrastructures include chemical and nuclear plants, water systems, commercial 
transportation and mass transit. 

Our country’s infrastructure also includes the extensive computer and information 
technology systems which we increasingly rely upon to operate and interconnect our 
many diverse physical assets. 

There are hundreds of thousands of potential critical infrastructure targets that 
terrorists could choose to attack. In light of the potential threats and vulnerabilities 
we face, I want to draw the committee’s attention to Governor James Gilmore’s tes- 
timony last week before the full committee: “A good national strategy can reduce 
the risk (of a terrorist attack), and direct our resources to the correct priorities.” 

A comprehensive risk assessment is central to any robust strategy. Such an as- 
sessment should include a thorough assessment of threats, vulnerabilities, and con- 
sequences. Furthermore, in order to successfully execute a strategy, you need a ro- 
bust organization; effective coordination between federal, state, local, and private- 
sector officials; and a clear set of objectives and standards by which to measure 
progress. 

I remain concerned, however, about whether the administration has done all that 
it can do to assess the threats to and vulnerabilities of our critical infrastructures, 
and implement a strategy to protect them. 

The problem we face today is that we are attempting to secure the homeland 
without a comprehensive strategy based on an assessment of threats and 
vulnerabilities. 

This is like building a home without a blueprint or a pilot navigating through the 
clouds without instruments. Until we have a clear understanding of the likely 
threats against us and a ranking of our vulnerabilities it is impossible to set prior- 
ities, establish security benchmarks, and measure progress. 

I bope we will hear today from our government witnesses how far along we are 
on completing a comprehensive risk assessment of our critical infrastructure. And 
I am interested in learning what the Department of Homeland Security’s plan is for 
protecting our infrastructure once the assessment has been completed. Specifically, 
I would like to know what federal assets are going to be dedicated to this task, how 
the Department of Homeland Security intends to assert leadership at the federal 
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level, and how it will interact with the private sector to provide an acceptable level 
of security for all Americans. 

I hope to hear that we have a solid plan that will move quickly to remedy the 
gaping holes in security — only one of which was so clearly exposed by the blackout 
last month. 

I want to thank the distinguished panel. I look forward to your testimony. 

PREPARED STATEMENT OF THE HONORABLE SHEILA JACKSON-LEE, A 
REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS 

Subcommittee Chairman, thank you for your efforts in holdingtoday’s joint hear- 
ing on this important matter. We take up this subject matter in an extremely timely 
fashion, given the threat of hurricanelsabel in this local metropolitan area. 

The purpose of this hearing is to expound upon the examination of the blackout 
of August 14, 2003 that left some 50 million people in 8 states and Canada without 
power. The areas most affected, according to the North American Electric Reliability 
Council (NERC) were the Great Lakes, Michigan, Ohio, New York City, Ontario, 
Quebec, Northern New Jersey, Massachusetts, and Connecticut. This incident, thus 
far, has not been determined to be terroris-relates; however, the extent by which 
it crippled the above-referenced expansive sectors of our nation and Canada was 
frightening to the point that it should have given the Administration a “wake-up 
call” as to the inadequacy of our existing critical infrastructure. The primary theme, 
or issue, of to day’s proceeding is “Whether we have done enough since September 
11, 2001 to protect our nation’s critical infrastructures from potential terrorist at- 
tack?” 

In our task of collaborating and fine-tuning the newly developed Department of 
Homeland Security against the projected needs of our nation, we must begin our 
evaluation at the most basic levels. Critical infrastructure protection is important 
to every member of our national and local communities. In order to implement a 
program of securing cyberspace and critical infrastructure at a national level, we 
must follow a course of risk assessment, education, and careful reaction at the local 
level to protect our schools, hospitals, and rescue facilities. These goals are part of 
the impetus for the amendments that I offered as to the Department of Homeland 
Security Appropriations Act and to the Project BioShield Act so that funding mecha- 
nisms and the Secretary’s discretion contain the control provisions necessary to en- 
sure the proper and effective allocation of resources to the places that have the most 
urgent needs. An illustration of the disjunct in our infra and super-structure is the 
television broadcast of the tens of thousands of New Yorkers who had to walk across 
the Brooklyn Bridge to end their workday. This is vulnerability. Thousands of riders 
of underground mass transit systems trapped in cars, frugal in their consumption 
of oxygen and hopeful that their rescue team was near equates to vulnerability. Be- 
cause we cannot cast blame for this occurrence on a terrorist group means that we 
are vulnerable to ourselves first and foremost. The Administration must increase 
our awareness of the status of the areas that are most open to corruption. 

In Houston last year, a 21-year old man was sentenced to three years in prison 
for a terrorist hoax concerning a plot to attack the opening ceremonies of the 2002 
Winter Olympics in Salt Lake City. The Houston resident was sentenced by the U.S. 
District Judge and ordered to pay $5,200 in fines. The Judge told the Defendant 
that she had sentenced him to three years because he had failed to demonstrate his 
understanding as to the seriousness of his crime and disruption that he had caused 
to federal agencies and private citizens. 

The perpetrator told the FBI in Houston that he had intercepted e-mails between 
two terrorists plotting a missile attack during the opening Olympic ceremonies on 
February 8, 2002. The e-mails supposedly detailed plans to attack Salt Lake City 
with missiles launched from northern Russia. He later confessed to making up the 
story during questioning, telling agents that stress led him to tell his tale and that 
he had fabricated the e-mails. 

Just a few months ago, Federal prosecutors charged a University of Texas student 
with breaking into a school database and stealing more than 55,000 student, fac- 
ulty, and staff names and Social Security numbers in one of the nation’s biggest 
cases of data theft involving a university. The student, a twenty-year old junior 
studying natural sciences, turned himself in at the U.S. Secret Service office in Aus- 
tin, Texas. He was charged with unauthorized access to a protected computer and 
using false identification with intent to commit a federal offense. This incident sent 
a wave of fear across the campus of the nation’s largest university, causing students 
and staff to consider replacing credit cards and freezing bank accounts. The studen- 
perpetrator was released without bail and thereafter had limited access to com- 
puters. If convicted, the student faced as many as five years in prison and a 
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$500,000 fine. After searching this student’s Austin and Houston residences, Secret 
Service agents recovered the names and Social Security numbers on a computer in 
his Austin home. According to the indictment, Phillips wrote and executed a com- 
puter program in early March that enabled him to break into the university data- 
base that tracks staff attendance at training programs, reminding us how vulner- 
able we all are even when our Social Security number is misused. To combat the 
vulnerability linked to Social Security numbers, the university must limit its de- 
pendence on Social Security numbers as database identifiers and instead use an 
electronic identification number that corresponds to Social Security numbers only in 
an encrypted database. This data theft was probably the largest ever at a univer- 
sity. 

Therefore, since the threat to critical infrastructure is realized at a very local 
level, we must channel our resources and technology to the first-responders and 
leaders in the local communities. The movement to securing our homeland needs to 
be expansive, not retracting. If our local hubs and first-responders were disabled by 
a terror threat, we would have a hard time developing effective protective measures 
for our nation as a whole. 

Just as we must ward against the large threats to our critical infrastructure, the 
“small” incidents must not be allowed to create a larger vulnerability. 

PREPARED STATEMENT OF THE HONORABLE JAMES LANGEVIN 

Thank you, Mr. Chairman. I would like to welcome our witnesses, and express 
my appreciation for your willingness to come here for what I hope will be a very 
enlightening and productive hearing. I look forward to hearing from these distin- 
guished experts about our infrastructure and what we need to do to protect it. 

Mr. Chairman, it was with great expectation that we created the Department of 
Homeland Security and charged it with protecting us from terrorist threats and re- 
sponding to emergencies here at home. This means not just controlling the border 
or patrolling airports, but making sure that the infrastructure that is vital to the 
daily operation of the United States is protected. Congress was assured that infra- 
structure protection would be a top priority at DHS, but until the blackout, there 
has been no indication on the status of those efforts. Despite the open forum we are 
in, I am hopeful that we may get at least a preliminary update today. 

Ultimately, the real problem is that we have not seen meaningful plans or 
progress from DHS in identifying critical infrastructure and existing risks. That 
step is critical before we can talk about how to protect it. This is a task DHS needs 
to he undertaking in close cooperation with local and state governments, though sev- 
eral states have decided to identify their criticalinfrastructure even without DHS 
support. A graduate student and his advisor took two years to produce a map of 
our fiber optic network from publicly available information. DHS has far more man- 
power and resources, so one would assume it could produce assessments much more 
quickly. I would like to hear from our panel what they think of DHS’s efforts, or 
lack thereof, towards the goals of infrastructure identification and protection, and 
how they envision DHS either leading or supporting the endeavor. 

Again, I greatly appreciate all of our guests taking time to be here to discuss this 
vital issue. 

PREPARED STATEMENT OF THE HON. CHRISTOPHER COX 

Good afternoon. I would like to thank the subcommittee chairmen and ranking 
members for taking the lead on this important continued examination of the lessons 
learned as a result of the recent power outages, the effects the blackout had on re- 
lated critical infrastructure around the country, and how the Department of Home- 
land Security communicated and worked with state and federal agencies, and our 
international neighbors during the crisis. 

I am pleased to join in welcoming all of our witnesses, and especially wish to 
thank Assistant Secretary Liscouski for returning for a second day of testimony 
after testifying before the Subcommittee on Cybersecurity, Science, and Research & 
Development, just yesterday. 

It is often said that if we train like we fight, we will fight like we train. How 
DHS reacted and communicated with other federal and state agencies during the 
blackouts was the first major test of the Department’s Information Analysis and In- 
frastructure Protection Directorate (IAIP), and I am eager to hear of the Depart- 
ment’s successes, failures, and lessons learned from the blackout. 

We now know that within less than an hour, DHS officials determined that the 
blackouts were not the result of a terrorist attack. It has been only a little more 
than a month since the blackout occurred, and although the exact cause of the 
blackout remains unknown, it is my hope, that the Committee will learn from to- 
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day’s first panel the present status of that investigation, and when the nation might 
expect conclusive answers. Also, I look forward to the witnesses’ testimony address- 
ing how DHS was able so quickly to determine that the blackout was not the result 
of a terrorist attack or other bad actor. 

Although initial analysis of the blackout indicates that it was not a terrorist 
event, we can be sure our enemies noticed the effect the blackout had on the nation. 
I note that in Ambassador Black’s prepared remarks, from the first part of this 
hearing on September 4, he asserted that “the recent blackouts in this country serve 
as an urgent reminder that there remain vulnerabilities for terrorists to exploit.” 

The examples of the interconnected nature of our critical infrastructures are end- 
less. As Assistant Secretary Liscouski notes in his prepared remarks “If one infra- 
structure is affected, many other infrastructures will likely be impacted.” Colonel 
McDaniel’s prepared remarks provide dramatic examples of the truth of those re- 
marks. 

Furthermore, experience shows us that intentional attacks other than a failure of 
the power grid can also disrupt the economy. The SoBig computer virus caused cer- 
tain CSX rail routes to shut down on August 20, until a manual backup system 
started the trains running again. Without railroads to deliver coal, the nation would 
lose 60 percent of the fuel used to generate electricity. A computer virus or even 
a series of targeted terrorist attacks that shut down our rail, telecommunications, 
or fuel delivery systems could once again plunge significant parts of the nation into 
blackout and adversely affect the economy. 

As recently as September 5, Larry Mefford, the FBI’s Assistant Director for 
Counterterrorism, who also testified at the first part of this hearing, stated that the 
FBI has evidence of al-Qaeda’s continued presence in the United States, and that 
the FBI’s primary worry is that there might be terrorists here whom the FBI has 
not identified and more who are trying to enter the country. We know that al-Qaeda 
has assessed the possibility of attacking our power plants and transportation sys- 
tems. Our ability to assess and protect against the very real threats to our infra- 
structure is crucial to our war on terror. 

We learned many unfortunate lessons from September 11th. One of them is that 
our first responders often do not have the capability to communicate on shared radio 
channels even within the same city or town. The blackout confirmed this is still a 
problem. We need to ensure that additional spectrum bandwidth is in the hands of 
first responders as quickly as possible. We need to continue our efforts to enhance 
the communications capabilities of our first responders, as well as communications 
between federal, State and local officials. 

We formed DHS seven months ago with the intent that the attacks of September 
11, 2001, would never happen again. I am eager to hear what progress the Depart- 
ment has made towards this goal. 

I thank all our witnesses for being with us and look forward to your testimony. 

DHS is actively engaged in many areas, and the directorate that 
you are involved in is of special interest to many members and sub- 
committees. We have received your written testimony and ask that 
you just briefly summarize your testimony. You have 5 minutes, 
and thank you for being here. 

STATEMENT OF THE HONORABLE ROBERT LISCOUSKI, AS- 
SISTANT SECRETARY, INFRASTRUCTURE PROTECTION, DI- 
RECTORATE, DEPARTMENT OF HOMELAND SECURITY 

Mr. Liscouski. Thank you Chairman Camp and Chairman Ses- 
sions and members of the committee. It is a pleasure to appear be- 
fore you today to discuss the implications of power blackouts for 
the nation’s cybersecurity and the critical infrastructure protection. 

The Information Analysis and Infrastructure Protection Direc- 
torate, and specifically my office of Infrastructure Protection, has 
been actively involved in the analysis of the cause of the blackout, 
and the implications of the blackout on security of the electric grid 
as a whole. I would like to provide a brief summary of the efforts. 
Following the regional power outage in the Northeast on August 
14, the Department of Homeland Security set up a crisis action 
team to monitor the situation and to conduct real-time analysis of 
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other potential events. The blackout is the first major event of its 
type that the IAIP team handled, and I am pleased to report that 
our team simultaneously tackled the issue from multiple angles. 

The Infrastructure Coordination Division focused on the outage 
itself and the operational impact of the infrastructures. The na- 
tional Cybersecurity Division looked into the possibility that the 
blackout might have been caused by a cyber-attack. And our Pro- 
tective Security Division assessed emerging vulnerabilities caused 
by the blackout to assess the “what is next” picture. Concurrently, 
the Information Analysis Office analyzed previous and current in- 
telligence traffic, and coordinated with the intelligence community 
and law enforcement partners to ascertain if the cause of the black- 
out was attributed to a terrorist or criminal activity. 

Additionally, the Homeland Security Operation Center was in- 
volved in the response effort, coordinating communications between 
state and local first responders, the administration and other fed- 
eral agencies. Situational awareness of the affected area, the entire 
nation, was maintained throughout the event. DHS coordinated 
with sectors affected by the outage, both updating them on infor- 
mation related to the cause and responding to requests for informa- 
tion. While no actionable threat information emerged during the 
event, it is important to note that the ability to communicate with 
the infrastructure sectors was in place to facilitate the sharing of 
information. Our coordination and monitoring of activities was not 
limited to the energy sector, but included telecommunications, 
banking, finance, health services, transportation and the water sec- 
tor. 

While the national focus was primarily on the blackout and its 
cause, our teams were hard at work assessing the cascading effects 
into other sectors. Interdependencies among the sectors were again 
demonstrated by this event. Seven major petroleum refineries sus- 
pended operations, many chemical manufacturing plants were shut 
down, grocery stores lost perishable inventories, air traffic ceased 
at several major airports, and emergency services capacity was 
tested. Web sites were shut down. ATMs did not work in the af- 
fected areas and the American Stock Exchange did not operate for 
a period of time. The effect of the blackout highlighted what we al- 
ready knew at the department. If one infrastructure is affected, 
many other infrastructures are likely to be impacted as well. In- 
deed, all the critical infrastructure sectors were affected by this 
event. Understanding the vulnerabilities and interdependencies as- 
sociated with cascading events is an area of great importance to 
the department. We have people focused on this issue to ensure we 
can anticipate those affects, prioritize our efforts based upon the 
bigger picture, not just reacting to the easily and the immediately 
observed. 

Preventing a physical or cyber attack on key nodes of our na- 
tion’s power grid is a fundamental effort to protecting the home- 
land. Accordingly, DHS is working closely with the Department of 
Energy and other federal agencies as we identify factors that 
caused and contributed to the blackouts and look for protective 
measures to prevent such an outage in the future. 

On August 28, I was appointed the co-chair to the Security Work- 
ing Group of the U.S.-Canada Power System Outage Task Force. 
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The Security Working Group is focused on determining if a cyber 
event directly caused or significantly contributed to the events of 
August 14. The data collection and analysis is ongoing and much 
work remains to be done before we have a definitive answer. IAIP 
was tasked with ensuring that the Secretary and the President had 
the complete picture of what was happening during the event, look- 
ing for areas that might be more vulnerable as a result in coordi- 
nating the information flow throughout the sectors with other fed- 
eral agencies. 

We learned valuable lessons. We are incorporating those lessons 
today. I am proud of the way the IAIP team responded to this 
event and I am confident that we are developing a solid team that 
Americans can count on in difficult times, whether they be in times 
of heightened threats, attempted attacks or blackouts or other nat- 
ural disasters. 

While it will be some time before the task force determines the 
exact cause of blackout, we know the system is vulnerable and we 
maintain a daily watch over what parts of the grid might be more 
vulnerable to attack because of system operations. We have con- 
ducted vulnerability assessments at power facilities. We have a 
protection strategy for key components. And we are working with 
the industry and our federal partners to determine the best way to 
implement that strategy. We have made progress. Our work is on- 
going. We have a lot of work ahead of us. 

I look forward to your questions after the conclusion of Ms. 
Swink’s statement. 

[The statement of Mr. Liscouski follows:] 

PREPARED STATEMENT OF THE HON. ROBERT LISCOUSKI 

Thank you Chairman Thornberry, Chairman Camp and Members of the Com- 
mittee. It is a pleasure to appear before you today to discuss the implications of 
Power Blackouts for the Nation’s Cybersecurity and Critical Infrastructure Protec- 
tion. 

The Information Analysis and Infrastructure Protection Directorate (IAIP), and 
specifically my office, Infrastructure Protection, has been actively involved in the 
analysis of the cause of the blackout and the implications of the blackout on security 
of the electric grid as a whole. Let me provide you with a summary of our efforts. 

Following the regional power outage in the Northeast on August 14, 2003, the De- 
partment of Homeland Security (DHS) set up a Crisis Action Team (CAT) to monitor 
the situation and to conduct real-time analysis of other potential events. The black- 
out was the first major event of its type that the IAIP team handled and I am 
pleased to report that our team simultaneously tackled the issue from multiple an- 
gles. The Infrastructure Coordination Division focused on the outage itself and the 
operational impact on the infrastructures, the National Cyber Security Division 
looked into the possibility that the blackout might have been caused by a cyber at- 
tack, and our Protective Security Division assessed emerging vulnerabilities caused 
by the blackout to assess the “what’s next” picture. Concurrently, Information Anal- 
ysis (IA) entities analyzed previous and current intelligence traffic and coordinated 
with Intelligence Community and Law Enforcement partners to ascertain if the 
cause of the blackout was attributed to a bad actor. Additionally, the Homeland Se- 
curity Operations Center was involved in the response effort, coordinating commu- 
nications between state and local first responders, the administration, and other fed- 
eral agencies. Situational awareness of the affected area, and the entire nation, was 
maintained throughout the event. 

DHS coordinated with the sectors affected by the outage, both updating them on 
information related to the cause and responding to requests for information. While 
no actionable threat information emerged during the event, it is important to note 
that the ability to communicate with the infrastructure sectors was in place to facili- 
tate the sharing of information. 
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Our coordination and monitoring activities were not limited to the energy sector, 
and included telecommunications, banking/finance, health services, and transpor- 
tation. 

While the national focus was primarily on the blackout and its cause, our teams 
were hard at work assessing the cascading effects into other sectors. Interdepend- 
encies among the sectors were again demonstrated by this event: seven major petro- 
leum refineries suspended operations; many chemical manufacturing plants were 
shut down; grocery stores lost perishable inventories; hospital emergency rooms 
treated an above average number of cases of suspected food poisoning; air traffic 
ceased at several major airports; and emergency services capacity was tested. 
Websites were shut down, ATMs did not work in affected areas and the American 
Stock Exchange did not operate for a period of time. The effect of the blackout illu- 
minated what we already knew at the Department: If one infrastructure is affected, 
many other infrastructures will likely be impacted. Indeed, all of the critical infra- 
structure sectors were affected by this event. 

Understanding vulnerabilities and the interdependencies associated with cas- 
cading events is an area of great importance to the Department, and we have people 
focused on the issue to insure that we can anticipate effects and prioritize our ef- 
forts based on the bigger picture, not just reacting to what is easily and immediately 
observed. 

Preventing a physical or cyber attack on key nodes of the nation’s power grid is 
fundamental to protecting our Homeland. Accordingly, DHS is working closely with 
the Department of Energy and other federal agencies as we identify the factors that 
caused and contributed to the blackout, and look for protective measures to prevent 
such an outage in the future. 

As has been widely reported, the portion of the power grid affected by the August 
14th blackout is made up of a very complex interconnected network of scores of sep- 
arate companies that includes hundreds of power-generation facilities. In addition 
to physical connections among the facilities involving the transmission of power, 
there are numerous cyber connections among their IT infrastructures and those of 
companies that were unaffected. There is a wide range in age and sophistication of 
the technologies upon which these systems depend. In recent years, the process con- 
trol systems that facilitate decision making in critical situations have often been 
made easier by the use of computer technology. The industry is in the process of 
moving forward with efforts to reduce possible vulnerabilities and improve cyber se- 
curity. This information provides a backdrop for why we are investigating the possi- 
bility of a cyber connection to the blackout. There is presently no evidence that the 
blackout was caused by any criminal or terrorist cyber attack, although we continue 
to coordinate and share information with law enforcement to support our investiga- 
tion. 

On August 28, I was appointed Co-Chair to the Security Working Group (SWG) 
of the U.S. — Canada Power System Outage Task Force. The SWG, which consists 
of Federal and State government representatives from the United States, as well as 
Canadian representatives, is focused on determining if a cyber event directly caused 
or significantly contributed to the events of August 14th. The data collection and 
analysis is ongoing and much work remains to be done before we have a definitive 
answer. 

IAIP was tasked with ensuring that the Secretary and the President had the com- 
plete picture of what was happening, looking for areas that might be more vulner- 
able as a result, and coordinating the information flow throughout the sectors and 
with other federal agencies. We learned some valuable lessons that have already 
driven some internal changes, such as institutionalizing joint operations within 
IAIP, and the absolute requirement of maintaining a forward-looking “what’s next” 
posture, not becoming focused exclusively on current events. 

I am proud of the way the IAIP team responded to this event and I am confident 
that we are developing a solid team that America can count on in difficult times, 
whether they be times of heightened threats, attempted attacks, or blackouts. 

While it will be some time before the Task Force determines the exact causes of 
the blackout, we know the system is vulnerable and we maintain a daily watch over 
what parts of the grid might be more vulnerable to attack because of system oper- 
ations. We have conducted vulnerability assessments at electric power facilities, we 
have a protection strategy for key components, and we are working with industry 
and federal partners to determine the best way to implement that strategy. 

Progress has been made, but the work is ongoing. I look forward to providing this 
committee and Congress with further updates. 

This concludes my prepared statement and I would be glad to answer any ques- 
tions you may have at this time. 
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Mr. Camp. Thank you very much. 

Ms. Swink? 

STATEMENT OF MS. DENISE SWINK, ACTING DIRECTOR, 
OFFICE OF ENERGY ASSURANCE, DEPARTMENT OF ENERGY 

Ms. Swink. Chairman Camp, Vice Chairman Sessions and mem- 
bers of the committees, my name is Denise Swink and I am the 
Acting Director of the Office of Energy Assurance at the U.S. De- 
partment of Energy, a position I have held since March of this 
year. 

At the Office of Energy Assurance, we contribute to the Depart- 
ment of Energy’s efforts to ensure that America’s homes, busi- 
nesses and industries have a secure and reliable flow of energy. 
Our activities are designed to protect our critical energy infrastruc- 
ture, detect problems quickly, mitigate the impacts of a failure at- 
tack, and recover rapidly from damage. We respond to a variety of 
potential threats including natural disasters, accidents, aging of 
system components and system reliability flaws. 

As you know, our energy infrastructure is vast, complex and 
highly interconnected. It includes power plants, electric trans- 
mission and distribution lines, oil and gas production sites, pipe- 
lines, storage and port facilities, information and control systems 
and other assets. Many of these entities own, operate, supply, build 
or oversee their infrastructure. The private sector owns about 85 
percent of these assets and a host of federal and state agencies reg- 
ulate energy generation, transport, transmission and use. 

Necessarily, our program uses a collaborative approach to coordi- 
nate all the various players and activities. Within the federal gov- 
ernment, coordination efforts are with the Department of Home- 
land Security, the Department of Transportation, the Department 
of Defense, the EPA, FEMA, FERC and at least seven other offices 
within DOE. We assist in state-level emergency response planning 
and preparedness, working through a variety of state organiza- 
tions. 

For the private energy sector, a sector liaison has been des- 
ignated for electricity, and one for oil and gas. We share informa- 
tion with key organizations in each of these sectors. On the inter- 
national front, we have agreements with both Canada and Mexico 
to coordinate energy assurance across our borders. Several univer- 
sities are helping us analyze specific physical and cybersecurity 
issues, and we have set up a laboratory coordinating council to co- 
ordinate at least 500 ongoing lab activities related to infrastructure 
protection. 

Training is an important component for improving system resil- 
ience. That and energy infrastructure lesson plans are in develop- 
ment for various stakeholder groups, and databases and visualiza- 
tion tools are being assessed to monitor and understand energy in- 
frastructure performance under various scenarios. All these coordi- 
nation efforts help to provide an effective national response in the 
face of threats or disruptions to our energy infrastructure. 

A review of the events that occurred immediately after the black- 
out will help to illustrate how we operate. On August 14, the de- 
partment activated its Emergency Operations Center. Staff mem- 
bers were assigned to monitor, analyze and mitigate impacts of the 
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events. Regular staff briefings were held with representatives of 
FERC, Nuclear Regulatory Commission and DHS. And we place 
representatives at the DHS watch office and the FEMA control cen- 
ter. Our Emergency Operations Center continued to monitor im- 
pacts and calculate resources. Specialists looked at diesel fuel for 
backup generators, remedial actions for pipeline outages, refinery 
production availability, and associated cascading energy supply im- 
pacts. 

Based on these analyses, DOE encouraged electric utilities to 
bring refineries in Ohio back online expeditiously, and we also co- 
ordinated dry route extension and fuel waivers for Michigan. With- 
in hours after the blackout, the Secretary directed the New Eng- 
land and New York independent system operators to energize the 
cross-sound cable, an action that is believed to have prevented roll- 
ing blackouts in New York after electricity was restored. 

On August 28, the Secretary indefinitely extended operation of 
the cable to benefit the transmission systems of New York and 
New England. Direct communications were established with state 
energy offices and state governors, while the DOE Office of Con- 
gressional and Intergovernmental Affairs issued status reports to 
Congress and responded to inquiries. To keep the public informed, 
DOE issued an August 14 statement about then blackout, and im- 
mediately posted information on its Web site. The Office of Public 
Affairs responded to hundreds of media calls and interview re- 
quests. The Secretary conducted multiple TV interviews on August 
15 to 18 to report progress. As power was restored, the Secretary 
worked with state and local officials to urge citizens in affected 
areas to restrain their energy use until systems stabilized. 

As you know, President Bush and Prime Minister Chretien es- 
tablished a joint U.S. -Canada task force to discover why the black- 
out occurred, how it spread, and to prevent a recurrence. The task 
force has been gathering and analyzing information on tens of 
thousands of events that occurred over 34,000 miles of trans- 
mission lines, and involved hundreds of generation stations, switch- 
ing facilities and circuit protection devices. The investigation is 
being conducted through three separate, yet coordinated, working 
groups, electric system working group, the nuclear power group, 
and the security group. These groups, as Bob mentioned, are mak- 
ing progress. On September 12, the task force released the DTL 
time line of events that led to the blackout. This is an essential tool 
for reconstructing the events of August 14. 

In summary, coordination among the many entities involved in 
our energy infrastructure is essential to help us prevent energy 
outages and ensure quick response and recovery if one occurs. Our 
planning and coordination efforts prior to August 2003 laid the 
groundwork for successful coordination after the blackout occurred. 
The time line released by the joint U.S. -Canada task force will 
allow the working groups to move forward in uncovering the root 
causes of the blackout. We are putting the puzzle together and pro- 
ceeding as quickly as possible without sacrificing accuracy. 

[The statement of Ms. Swink follows:] 
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PREPARED STATEMENT OF DENISE SWINK 

My name is Denise Swink. I am Acting Director and Deputy Director of the Office 
of Energy Assurance in the U.S. Department of Energy, a position I have held since 
March of this year. The Office of Energy Assurance is responsible for leading the 
Department of Energy’s effort to ensure a secure and reliable flow of energy to 
America’s homes, businesses, industries, and critical infrastructures. Energy assur- 
ance addresses a variety of potential threats including natural disasters, accidents, 
terrorism, aging assets, system reliability, and cascading failures involving related 
infrastructures. DOE’s Office of Energy Assurance addresses these threats using 
several strategies: protection of energy systems, detecting problems quickly, miti- 
gating the impact of a failure or attack, and recovering rapidly from damage. We 
work in close collaboration with the Department of Homeland Security (DHS) and 
in partnership with the energy industry, state and local governments, and other fed- 
eral agencies. Because of the importance of energy assurance, my Office reports di- 
rectly to the Deputy Secretary of Energy. 

The Office fulfills key federal responsibilities for energy assurance that date back 
to the origins of the Department of Energy. Selected legislative authorities include 
the Department of Energy Organization Act, the F ederal Energy Administration Act 
of 1974, the Federal Power Act, the Public Utility Regulatory Policies Act of 1978, 
and the Robert T. Stafford Disaster Relief and Emergency Assistance Act. Many of 
these authorities address the powers and responsibilities of the Secretary of Energy 
during energy emergencies but some cover the broad responsibilities of the Sec- 
retary in ensuring that consumers have available an adequate and reliable supply 
of energy. The Office also fulfills federal responsibilities for securing and improving 
the energy infrastructure that are outlined in the President’s National Strategy for 
Homeland Security and the President’s National Energy Policy. 

The Office of Energy Assurance focuses on six priority areas that address these 
responsibilities and respond to the findings of leading studies of the reliability of 
the energy infrastructure conducted over the past seven years and vulnerability as- 
sessments conducted after September 11,2001. The six focus areas are: 1) Energy 
Emergency Support and Management, 2) State and Local Government Support, 3) 
Criticality of Energy Assets, 4) Enabling Partnerships, 5) Technology Development 
and Application, and 6) Policy and Analysis Support. These are all critical elements 
of developing a balanced approach to our immediate energy protection needs and 
our longer term energy assurance needs. 

The Nation’s energy infrastructure is vast, complex, and highly interconnected. It 
encompasses a multitude of power plants, electric transmission and distribution 
lines, oil and gas production sites, pipelines, storage facilities, port facilities, infor- 
mation and control systems, and other assets that are integrated into our national 
energy system. This energy infrastructure is also the backbone for other critical in- 
frastructures such as telecommunications, transportation, and banking and finance. 
In addition, there are a large number of entities that own, operate, finance, supply, 
control, build, regulate, monitor, and oversee our energy infrastructure. Eighty-five 
percent of the Nation’s infrastructure is owned by the private sector. Regulation and 
oversight of energy production, generation, transportation, transmission, and use is 
governed by a host of federal agencies and states. As a result, a successful program 
in energy assurance must involve a collaborative approach that includes public-pri- 
vate partnerships to coordinate the various players and activities. 

Coordination and collaboration are central principles of our approach to energy as- 
surance. President Bush stated that homeland security is a shared responsibility 
that requires a national strategy and compatible, mutually supporting state, local 
and private sector strategies. This approach was embodied in the National Strategy 
for Homeland Security. The Department of Energy has lead federal responsibility 
for working with the energy sector in protecting critical infrastructures and key as- 
sets, in collaboration with the Department of Homeland Security. Two additional 
strategies, the National Strategy for the Physical Protection of Critical Infrastruc- 
tures and Key Assets, and the National Strategy to Secure Cyberspace, expound on 
this responsibility and direct the Department of Energy to develop and maintain col- 
laborative relationships with state and local governments and energy industry par- 
ticipants. 

We work closely with the Department of Homeland Security, which leads, inte- 
grates, and coordinates critical infrastructure protection activities across the federal 
government. To aid this effort, DOE and DHS are in the process of developing a 
Memorandum of Agreement between the two agencies that will outline specific 
areas of collaboration and responsibilities. This encompasses critical infrastructure 
protection of physical and cyber assets, science and technology, and emergency re- 
sponse. We are also beginning to work with key parts of DHS, such as the Coast 
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Guard and the Federal Emergency Management Agency (FEMA), to determine how 
best to coordinate our efforts. For example, in July we attended a meeting which 
included representatives of DOE, DHS, the Defense Intelligence Agency, and the 
National Institute of Standards and Technology to consider options for developing 
a collaborative National SCADA Program. This program would help improve the 
physical and cyber security of supervisory control and data acquisition (SCADA) sys- 
tems, which are used in the energy sector to remotely control and manage the flow 
of electric power and fuels throughout the energy infrastructure. 

We also work with other federal agencies that have energy-related responsibil- 
ities. We work closely with the Department of Transportation’s Office of Pipeline 
Safety to coordinate our respective efforts and identify areas for collaboration. We 
also coordinate with the Environmental Protection Agency (EPA) to avoid redundant 
efforts with petrochemical facilities. During the recent blackout, we assisted EPA in 
their review of Michigan’s fuel waiver, which was ultimately granted. The waiver 
allowed the sale of 9 RVP gasoline in lieu of 7.8 RVP gasoline, which created more 
available resources for the State of Michigan and thereby prevented a possible gaso- 
line shortage. We also partnered with several federal agencies (including the Fed- 
eral Energy Regulatory Commission (FERC)), state regulators, and industry to as- 
sess the implications of a loss of natural gas supply to certain regions of the country. 
This study will help government policymakers and the natural gas industry to re- 
duce the industry’s vulnerability to terrorism, operational disruptions, and natural 
disasters. 

Within the Department of Energy, we coordinate across a variety of offices: 

• DOE’s new Office of Electric Transmission and Distribution on issues related 
to the electric grid, most notably the recent blackout, which I will expand upon 
later; 

• The Office of Security to improve the operations of DOE’s Emergency Oper- 
ation Center. 

• The Chief Information Officer on the development of a joint facility to support 
continuity of operations; 

• The Office of Energy Efficiency and Renewable Energy’s regional offices to 
support our meetings With state energy offices; 

• The Office of Fossil Energy on new technologies to harden oil and gas pipe- 
lines; 

• The Office of Science on visualization techniques through their Advanced Sci- 
entific Computing Research Program; and 

• The Office of Independent Oversight and Performance Assurance on cyber se- 
curity protection. 

Collaboration with the private sector is critical to improving energy assurance. As 
part of the President’s strategy, we have designated “sector liaisons” to work with 
the electricity and oil and gas sectors. These liaisons in turn employ “sector coordi- 
nators” who function as DOE’s primary interfaces on energy infrastructure security 
issues. DOE’s sector liaisons share information and discuss coordination mecha- 
nisms with the American Petroleum Institute (API), the American Gas Association 
(AGA), the Interstate Natural Gas Association of America (INGAA), the Gas Tech- 
nology Institute (GTI), the National Propane Gas Association (NPRA), the Edison 
Electric Institute (EE1), the Electric Power Research Institute (EPRI), the National 
Rural Electric Cooperative Association (NRECA), the American Public Power Asso- 
ciation (APPA), and the North American Electric Reliability Council (NERC). For 
example, we are participating in NERC’s Critical Infrastructure Protection Advisory 
Group and have briefed them on our activities related to electric reliability and 
cyber protection. We have had similar discussions on our oil and gas activities with 
API, which serves as the sector coordinator for oil and gas. To help create a strong 
business case for security investment, we are also collaborating on potential studies 
with the Council on Competitiveness. 

States and local governments are also essential parts of energy assurance. They 
are responsible for emergency planning and response, and are the organizations 
that citizens turn to in times of crisis. We support a variety of state efforts to plan 
for, respond to, and mitigate actions that adversely affect the energy infrastructure 
and disrupt energy supplies. In the short time our program has been in existence, 
we have held several meetings with the National Association of State Energy Offi- 
cials (NASEO), the National Governors Association (NGA), the National Association 
of Regulatory Utility Commissioners (NARUC), and the National Conference of 
State Legislatures (NCSL) to better understand how we can assist the states with 
emergency planning, emergency response tools, training and education, and ele- 
vating public awareness. We funded an NCSL study of energy security guidelines 
and options for state legislatures which was published in April 2003. We have addi- 
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tional efforts underway to develop model state guidelines for energy assurance plans 
and improved systems and procedures for multi-state coordination. 

There are several other types of coordination underway which deserve mention. 
First and foremost, we tap the excellent scientific and technical resources of our na- 
tional laboratories to address energy assurance issues. DOE has already identified 
over 500 ongoing activities in the national laboratories related to the protection of 
our Nation’s critical infrastructures. We have also initiated a Laboratory Coordi- 
nating Council, representing all our major laboratories, to coordinate capabilities 
and activities related to infrastructure protection that can help meet our energy as- 
surance challenges. We are also working with several universities on physical and 
cyber security issues. As part of our technology assessment efforts, we engaged Car- 
negie Mellon University to characterize needs related to vulnerabilities in the elec- 
tricity sector. We are also exploring opportunities with George Mason University’s 
Critical Infrastructure Protection Project. Our program is utilizing the greatest re- 
pository of physical structure engineering expertise — the International Union of Op- 
erating Engineers (IUOE). DOE and IUOE have begun development of energy as- 
surance training curricula for energy infrastructure stakeholder groups, with initial 
courses offered by the International Union of Operating Engineers. 

As the recent blackout demonstrated, our energy systems are interconnected with 
our North American neighbors. We cannot ignore the importance of coordinating en- 
ergy assurance across our borders. Canada’s electric grid is interconnected with the 
U.S. grid across our northern border and nearly all of Canada is an integral part 
of three of the ten NERC regions. As you know, we are currently working with Can- 
ada on the Task Force to investigate the cause of the blackout, which I will discuss 
in a moment. Although there are fewer electricity interconnections with Mexico, 
there are two small portions of Mexico that are also part of NERC regions. However, 
the United States also has bilateral agreements with Mexico under the Mexico- 
United States Critical Infrastructure Protection (CIP) Framework for Cooperation 
and the Smart Borders Initiative. In these, we agree to develop mechanisms for ex- 
changing information on threats, sabotage and terrorist actions and provide coordi- 
nation and cooperation in actions and measures to address detected vulnerabilities 

The present concern of this Committee is how coordination works when a critical 
infrastructure fails, such as in the August 2003 blackout. I mention all these coordi- 
nation efforts because I believe they provide the foundation for an effective national 
response for energy assurance. 

Our process for helping others prepare for emergencies includes several elements. 
First, each electric energy provider is required to file an Emergency Incident and 
Disturbance Report when a system disruption occurs that meets certain criteria. An 
initial report must be filed within one hour and a final report within 48 hours. This 
allows DOE to be aware of potential major electric energy problems. Second, we pro- 
vide active support for two Information Sharing and Analysis Centers (ISACs): the 
Energy ISAC (for oil and gas) and the Electricity Sector ISAC (for electricity). These 
ISACs provide a mechanism by which the industry can share important information 
about vulnerabilities, threats, intrusions, and anomalies among energy companies 
and provides a mechanism to communicate with the government The energy ISACs 
also coordinates with other ISACs. For example, during the blackout the Electricity 
Sector ISAC was in communication with the Telecom ISAC to monitor how electric 
problems might affect telecommunications. Our Office is coordinating with the en- 
ergy ISACs and providing some financial support for their operation. Third, DOE 
participates in the Federal Response Plan through Emergency Support Function 
#12, Energy Annex. In the Plan, which is prepared by DHS/FEMA, DOE is the lead 
organization to gather, assess, and share information on energy system damage and 
impacts during an emergency. 

Let me now review the events that took place immediately after the blackout oc- 
curred and explain how we coordinated within the Department, with other federal 
agencies, with the energy sector, and state and local governments. 

On August 14, the Department’s Emergency Operations Center (EOC) was acti- 
vated with all relevant staff gathering there. Assignments were made regarding 
monitoring, analysis and mitigation of impacts of the event. Schedules were devel- 
oped for convening status briefings. Federal Energy Regulatory Commission, Nu- 
clear Regulatory Commission and Department of Homeland Security had a con- 
tinual presence with their staff, too. DOE had representatives at the DHS Watch 
Office and FEMA Control Center, too. 

The security of DOE’s facilities was assessed, and it was determined that only the 
Brookhaven National Laboratory in New York was affected. For that facility, backup 
emergency power was available and increased security police personnel were called 
up and deployed. DOE’s security activities were coordinated with the FBI, the Na- 
tional Joint Terrorist Task Force, and DHS. 
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With respect to monitoring of the event unfolding, an open phone line was con- 
nected to NERC. Market impact assessments were made continually. Determina- 
tions were made on availability of diesel fuel for backup generators. Availability of 
additional backup generators was researched, and commitments for delivery if need- 
ed were obtained. Pipeline outages were assessed to determine if remedial actions 
were required. Production availability of refineries was determined, as were associ- 
ated cascading impacts of disruptions. These monitoring and assessment activities 
led to DOE intervening to encourage more direct support by electric utilities for 
bringing petroleum refineries in Ohio back into production, and ultimately coordi- 
nating drive hour extension and fuel waivers for Michigan. 

On August 14, 2003, and only hours after the blackout occurred, the Secretary 
issued an order pursuant to his authority under section 202(c) of the Federal Power 
Act, directing the New England and New York Independent System Operators to 
energize and operate the Cross-Sound Cable. The Secretary issued the order because 
he determined that an emergency existed and that issuance of the order would al- 
leviate the emergency and serve the public interest. Before issuing the order, the 
Secretary had received the unanimous recommendation of the North American Elec- 
tric Reliability Council, the New York Independent System Operator (NYISO), ISO 
New England, Inc. (NEISO), and electric utilities in both New York and Connecticut 
supporting issuance of an emergency order. 

The Cable was energized a short time after his order was issued. Within hours, 
it was delivering 300 MW of energy from Connecticut to Long Island and also pro- 
viding valuable voltage support and stabilization services for the electric trans- 
mission systems in both New England and New York. It has been reported that op- 
eration of the Cable prevented rolling blackouts from occurring in New York in the 
hours immediately after electric service was restored. 

On August 28, the Secretary issued another order that extended indefinitely the 
period that the Cross-Sound Cable could be operated. The August 28 order also di- 
rects Cross-Sound to continue providing voltage support and stabilization services, 
which benefit the transmission systems of both New York and New England. The 
August 28 order stated that "it has not yet been authoritatively determined what 
happened on August 14 to cause the transmission system to fail resulting in the 
power outage, or why the system was not able to stop the spread of the outage." 
Because these questions have not yet been answered, the appropriate responses ob- 
viously have not yet been identified or taken. Therefore, the Secretary determined 
that an emergency continues to exist and operation of the cable should continue to 
be authorized. 

With respect to State coordination, affected State Governors were contacted and 
an open communication process was established. Direct communications were estab- 
lished with State Energy Offices. 

Letters to Members of Congress were written with the most current status infor- 
mation, and staff within the Office of Congressional and Intergovernmental Affairs 
were made available for inquiries from 8 AM to 8 PM each day. DOE staff was 
available for visits to Members’ offices on request. 

As part of the Department of Energy’s response to the blackout of August 14, 
there were a number of public communications items. The Department issued a 
statement on August 14, coordinated by Deputy Secretary Kyle McSlarrow, noting 
that DOE had initiated its protocol for contingency situations. The statement noted 
that DOE was working with appropriate agencies including FERC, the Nuclear Reg- 
ulatory Commission (NRC), FEMA, and DHS, as well as entities such as the North 
American Electric Reliability Council to assess the situation. 

The Department immediately updated its website by adding a special section on 
its homepage with information related to the blackout. For example, all statements 
released from the Department were highlighted, as was general information on 
transmission grids and frequently asked questions on electricity. Reporters and the 
public often found answers to their questions. More than one reporter who called 
DOE’s Office of Public Affairs noted the usefulness of the website information. 

DOE’s Office of Public Affairs answered hundreds of media calls and interview re- 
quests on August 14 and in the days following. An impromptu “blackout” media e- 
mail list was created for quick access to these reporters. In addition, the Secretary 
of Energy conducted multiple TV interviews from August 15 to 18 to communicate 
with the public on progress being made to resolve the blackout. 

As power began to be restored, the Secretary of Energy issued a statement urging 
citizens of the areas affected by the blackout to use caution in energy use while the 
system was coming back on line. DOE worked with state and local officials on get- 
ting the message out that appliance use should be cut back until systems stabilized. 

Following the blackout on August 14, President Bush and Prime Minister 
Chretien established a Joint US-Canada Task Force to investigate the cause of the 
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blackout, discover why it spread to such a large area, and determine ways to pre- 
vent any recurrence. Secretary Abraham and Canadian Minister of Natural Re- 
sources Herb Dhaliwal serve as Co-Chairs of that Task Force. 

In addition to Secretary Abraham, the U.S. members of the Task Force are Tom 
Ridge, Secretary of Homeland Security; Pat Wood, Chairman of the Federal Energy 
Regulatory Commission; and Nils Diaz, Chairman of the Nuclear Regulatory Com- 
mission. In addition to Minister Dhaliwal, the Canadian members are Deputy Prime 
Minister John Manley; Kenneth Vollman, Chairman of the National Energy Board; 
and Linda J. Keen, President and CEO of the Canadian Nuclear Safety Commission. 

The Task Force has an enormous job. From the first day, they’ve been in the field 
collecting and verifying vast amounts of detailed data from power generating plants, 
control facilities, utilities, and grid operators. In essence, they are busy gathering 
and analyzing information on tens of thousands of individual events that occurred 
over 34,000 miles of voltage transmission lines and involved hundreds of power gen- 
erating units and thousands of substations, switching facilities, and circuit protec- 
tion devices. The teams have been interviewing and collecting records on the numer- 
ous people, policies, and procedures that play a part in our complex power infra- 
structure. 

The investigation is being conducted through three separate yet coordinated work- 
ing groups focused on the Electric System, Nuclear Power, and Security. 

The Electric System Working Group, led by experts at the Energy Department 
and the Federal Energy Regulatory Commission along with Natural Resources Can- 
ada, is focusing on the transmission infrastructure, its management, and its func- 
tioning. 

The Nuclear Power Working Group, managed by the Nuclear Regulatory Commis- 
sion and the Canadian Nuclear Safety Commission, is examining the performance 
of nuclear plants in the affected area during the blackout. 

The Security Working Group, which is managed by the Department of Homeland 
Security and the Canadian government’s Privy Council Office, is assessing the secu- 
rity aspects of the incident, including cyber security. 

The good news is that these groups are making real headway. On September 12, 
the Task Force released a detailed timeline of events that led up to the blackout. 
This timeline is an essential tool for reconstructing the events of August 14 so that 
we can successfully understand exactly what caused the blackout. 

The Electric System Working Group’s assignment is challenging due to the sheer 
size and complexity of interrelationships among the diverse components of the elec- 
tricity infrastructure. Recognizing the scope of this challenge, the Electric Systems 
Group has enlisted additional expert assistance. Technical experts with the Inde- 
pendent System Operators in the affected regions and with NERC are working with 
members of this group to determine how all the events are interrelated. They are 
also examining the procedures and control mechanisms that were designed to pre- 
vent a blackout from spreading from one area to another. 

The Consortium for Electric Reliability Technology Solutions (CERTS), which has 
broad expertise in transmission and power delivery issues, is also assisting with 
Working Group. This team includes some of the world’s top authorities on power 
system dynamics, transmission engineering and reliability, grid configuration, 
wholesale power markets, and outage recovery. 

This group led the study of the 1996 blackout in the West and also helped DOE 
produce the comprehensive National Transmission Grid Study that recommended 
grid upgrades to meet transmission demands in the 2151 century. Transmission ex- 
perts from the Bonneville Power Administration are also providing technical assist- 
ance. 

The Security Working Group includes members from DHS, DOE, the National Se- 
curity Agency, the United States Secret Service, the Federal Bureau of Investiga- 
tion, and NERC. This group is examining whether a physical or cyber security 
breach contributed to the cause of the blackout. 

The Security Working Group is working with the other Task Force Working 
Groups; developing an inquiry plan that articulates a detailed timeline for review 
of data including forensics, and interviews of company representatives to better un- 
derstand each company’s cyber topology; and working to obtain the detailed sup- 
porting data that will allow the team to better understand what caused, did not 
cause, or may have contributed to the events of August 14. 

In summary, our vast energy infrastructure is built, managed, operated, regu- 
lated, and overseen by a large number of entities. Coordination among these stake- 
holders is essential to help prevent energy outages and ensure quick response and 
recovery if one occurs. The Department of Energy’s planning and coordination ef- 
forts prior to the August 2003 blackout laid the groundwork for success coordination 
after the blackout occurred. The blackout time line released by the Joint US-Canada 
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Task Force will allow the working groups to move forward in uncovering the root 
causes of the blackout. We are putting the puzzle together and proceeding as quick- 
ly as possible without sacrificing accuracy. 

Mr. Camp. Thank you very much. Thank you both for your testi- 
mony. 

Mr. Liscouski, I just have a couple of questions. I wondered what 
office or division played the lead role in responding to the events 
of August 2003, the blackout? 

Mr. Liscouski. Yes, sir. Within the context of DHS? 

Mr. Camp. Yes, within the context of DHS. 

Mr. Liscouski. The way the events unfolded, I would say the 
lead office was the IAIP office. We had the initial reports to our of- 
fice about the blackout that enabled us to reach out to the private 
sector and to the sector at-large to get situational awareness 
around what was occurring. As soon as we were able to determine 
what did occur, we quickly coordinated with the other offices and 
directorates within DHS and the responsibility for that coordina- 
tion moved over to the Homeland Security Operations Center. 

Mr. Camp. All right. Is that who also has the lead in assessing 
the causes of the outage and why? Or is that another part of the 
agency? 

Mr. Liscouski. No, sir. In the context of the Security Working 
Group, the Infrastructure Protection Office has the lead responsi- 
bility for that. 

Mr. Camp. I am interested in your thoughts on what would have 
happened if the power outage lasted longer. As you testified, there 
were a lot of other areas that were impacted. Clearly, airports had 
shut down, and even when some reopened with their generators, 
the Customs computers were down and flights were diverted to 
other cities. Water systems shut down and restaurants that were 
not even in the power outage area could not open because their 
water supply was not safe. Can you talk a little bit about what 
might have happened had it gone longer in terms of the impact on 
infrastructure and public health? 

Mr. Liscouski. Sure. In fact, we are in the process of doing the 
analysis right now. So at the top level, the assessment that I can 
provide to you is really based upon ongoing work. But I think it 
is fair to say that we had anticipated it. These types of events obvi- 
ously occurred before, and we have a number of redundant systems 
in place, particularly in some of the critical areas such as tele- 
communications in which we are able to have redundancies that 
mitigate the effects of these longer-term types of outages. 

I think you correctly point out the implications on immediate 
food supply and the potential there of what the implications might 
be. Fortunately, with the modeling we are doing we saw nothing 
catastrophic. Clearly, there were elements that were impacted. As 
we saw, the exchanges opened up shortly thereafter. So I think the 
positive result of our analysis so far is that many of the systems 
worked the way they were intended to do, providing more redun- 
dant capabilities and power with generation capabilities that al- 
lowed the systems to come back on fairly quickly. 

Mr. Camp. The Homeland Security Act of 2002 transferred the 
Department of Energy’s energy security and assurance functions to 
DHS. How well has that integration proceeded? 
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Mr. Liscouski. The integration has been working very well. The 
capabilities that were transferred over to DHS from the Office of 
Energy Assurance really provided us a baseline capability off of 
which we have leveraged significantly our ability to conduct vulner- 
ability assessments across all the critical infrastructure. So it has 
really allowed us to build the capability within DHS that, as I indi- 
cated, we have leveraged across all those infrastructures. We con- 
tinue to build our partnership with the Department of Energy’s En- 
ergy Assurance Office. 

Mr. Camp. So with respect to the blackout of August 2003, how 
is your assessment on how that integration worked with regard to 
that incident? 

Mr. Liscouski. Very well. I think our internal skill sets that 
came to us from the Energy Assurance Office worked very well in 
understanding exactly how we had to respond to it and what types 
of questions and expectations we had as we outage continued to un- 
fold. But I would say it is important to recognize that the real 
strength of what we have done is really the combination of other 
resources that came to DHS as well. So I would argue that if we 
did not have the elements from NIPC come to DHS, the elements 
of the NCS that came to DHS and the cyber components that we 
would have had as a stand-alone effort, they would have probably 
been within the same range of capabilities that they had if they re- 
mained at DOE. 

But the combination of the resources we had among all of those 
elements between cyber and our ability to reach out to the sectors 
across sectors, really amplified our ability to respond and under- 
stand what was going on in those sectors and really put a plan for- 
ward. That was really the critical point here that I think in the 
past historically had not been within the capability. We didn’t look 
at the event in a slice in time of the event occurring and that was 
all we were concerned about. The real advantage we had within 
DHS was the ability to keep one eye on that event and situational 
awareness to understand what was going on, but quickly also ex- 
trapolate from that event to how things may have progressed if in 
fact it were a terrorist event or how it might have been exploited 
if terrorists decided to take this as a target of opportunity, because 
we had people precisely looking at that going forward. That was a 
tremendous advantage which I would say did not exist before DHS 
came to be. 

Mr. Camp. Thank you very much. 

Mr. Sessions, you may inquire. 

Mr. Sessions. Thank you, Mr. Chairman. 

I appreciate both of you being here today. I would like to direct 
my question, if I could, to Director Swink. 

I know that the Energy and Commerce Committee has held any 
number of hearings concerning the blackout and what occurred. 
Today you are before the Homeland Security Select Committee. Are 
there lessons that we learned from this that you believe that to- 
gether with the Department of Energy and Homeland Security that 
you believe we should learn as a recommendation from you that 
don’t have to go through the processes of lawmaking and perhaps 
change things? 
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In other words, do you see something that we need to know per- 
haps today or will you be issuing a report that will say, “Here is 
something that happened, we need to change this rather quickly, 
and here are our recommendations”? Are you prepared at all today 
to address that? 

Ms. SwiNK. Yes, if I could make some comment. Actually, our 
table top, lessons learned, hardcore evaluation was set in our emer- 
gency operations center for tomorrow morning, but we have acti- 
vated it to respond to the issues with the hurricane, so we will 
have to postpone it some. But I can just say that, one, clearly a 
couple of the areas that I know, and I believe it is the same thing 
with DHS, one of them is that we have to get much better at hav- 
ing monitoring information readily available to government agen- 
cies, not intrusive, but the information so we are not always on the 
phone calling people to find out what is happening. We actually 
have some very good monitoring data available to us. And there are 
capabilities out there, and we will be exploring those. In addition 
to that the ability to, as Bob was talking about, run some scenario 
analyses based on that. We were very concerned about the refin- 
eries being down, especially the two in Ohio, and being able to 
have a capability that accurately helps us understand the product 
movement from those refineries, what their feedstock concerns are. 
I think we have a ways to go to develop that set of databases as 
well as the level of knowledge to do those scenarios. By the way, 
our notion is to make those tools available throughout the United 
States, available to state organizations and nonprofit organizations 
also. 

Mr. Sessions. Did part of your planning involve being notified by 
someone perhaps in Ohio, or on the actual site, to call someone to 
say, “We have problems; we want you to know this is not a ter- 
rorist attack; we think we know what it is,” or did you have to ini- 
tiate that call? In other words, was this part of the scenario, where 
they provided information to you from their basis, or did you have 
to seek that information to find out what had occurred? 

Ms. Swink. It was actually a combination. In some cases, we re- 
ceived calls. In other cases, we needed to call. But one of the things 
in working with state organizations that we have over the past sev- 
eral months, the state energy offices, the regulatory utility commis- 
sions, the state legislators, we are all working on developing a na- 
tionwide system that is a communications system that can aid the 
states, but also aid federal agencies in the energy area. 

Mr. Sessions. From this member’s perspective, I was very 
pleased. While I was not exactly aware of what was happening 
until probably they were in the midst of it, it looked organized. I 
believe that people came out very quickly and clearly and enun- 
ciated what we were looking at. I was very pleased to see up and 
down the line governors and other people who appeared to be work- 
ing together, instead of pointing fingers, and were concerned about 
solving the problem. I must say that I felt like from the perspective 
of homeland security, I felt very good that Homeland Security, De- 
partment of Energy, as well as the White House at least were in- 
volved and active and seemed to have a handle on it. 

I yield back my time. 

Mr. Camp. Thank you. 
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Ms. Sanchez may inquire. 

Ms. Loretta Sanchez of California. Thank you, Mr. Chairman. 

Mr. Secretary, on April 29 you briefed our subcommittee with re- 
spect to infrastructure and border security. In that slide, a 
PowerPoint presentation that you had, you outlined the depart- 
ment’s goal to assess and compile a list of critical infrastructure 
vulnerabilities and to address 60 percent of the vulnerabilities in 
the list within 180 days. It has been four-and-a-half months since 
that date. Can you tell me, does there exist a single document that 
comprehensively assesses the nation’s critical infrastructure risks 
and serves as a guide for us and for you in our efforts and as far 
as the spending program? And if not, when do you think that docu- 
ment is going to be ready? And in light of the 180-day time frame 
you discussed in the briefing, what progress have you made in as- 
sessing and addressing the 60 percent of the vulnerabilities? 

Mr. Liscouski. Thank you for the question. Actually, it is a good 
news story from my point of view. We really have made a signifi- 
cant amount of progress in addressing a lot of those vulnerabilities. 
I just want to clarify one point about that briefing. We really fo- 
cused on some of the more critical ones that were first categorized 
during the Operation Liberty Shield, if you recall correctly. When 
the Iraq war started, we created a list, and this was just before I 
started with DHS, to identify some of those things that we thought 
were most critical to protect during the course of the war. That was 
the list that we referred to during the course of that briefing. 

We have made some significant progress. I would be happy to 
share that with you in a written response downstream. But what 
we focused on were really a number of things during the course of 
that 180-day effort. As you recall, we were really focusing on how 
do we create DHS, you know, the IAIP director, the primary focus 
that I have been on all of a month, and we had to figure out what 
kind of business we were in. We were at war. We had a number 
of threats we had to respond to, and we had to build an organiza- 
tion. That was the primary focus, organizing ourselves around that 
war to really understand how we had to create an organization. 
And we have been moving out smartly on that. 

We have looked at a variety of the critical infrastructure sectors 
to determine what practices had to be put in place. We did the vul- 
nerability assessments. So, madam, I would say we are on track 
with the goals we set in that document. 

Ms. Loretta Sanchez of California. So you are telling me that in 
a month and a half, we are going to have a list with all of the very 
critical infrastructure sectors and where that infrastructure is, and 
what type of protection we need to do for it, or how we are going 
to protect and what it is going to cost us, and a prioritization of 
that list so that we on this committee can figure out where we get 
the dollars and how we are going to do this over time? 

Mr. Liscouski. And I will shortly retire right after that, too. 
[Laughter.] 

No. In fact, I was really referring to the Liberty Shield list. The 
other work in progress, and this is really an continuous work in 
progress, is the assessment of all the critical infrastructure 
throughout the United States. I did not mean to mislead you to 
think that we would have all that categorized in the next month 
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and a half. I would be surprised, frankly, if we had that done in 
the next 5 years. It is going to be an ongoing process. That is sort 
of peeling away the layers of the onion. The more you learn, the 
more you realize you do not know. Identifying the interdepend- 
encies among those critical infrastructures is also a body of work. 

So no, ma’am, I am sorry to say we are not going to have that 
list in that period of time, but clearly we will have our processes 
in place so we can begin to move. We are doing that work now, but 
that will be an ongoing process. I do not think that will ever end. 

Ms. Loretta Sanchez of California. What do you think are the 
most vulnerable infrastructure sectors and how do you make that 
determination? Do you do it asset by asset, regionally? Are you 
looking at it sector by sector? Can you give us some indication? I 
am sure you probably have this in writing somewhere and you will 
let us take a look at it. 

Mr. Liscouski. I think it is probably not fair to categorize one 
critical sector more vulnerable than another or more important 
than another. I think really there is a variety of contextual pieces 
here that have to be applied. The first is, what is the nature of the 
threat? The vulnerabilities really are contingent on the threat and 
your ability to negate those risks. 

So rather than getting into a discussion about what I believe is 
the most vulnerable, I think we look at those and all the priorities, 
and we have work around identifying all those critical infrastruc- 
tures. From our point of view, the nexus of what we do is con- 
stantly looking at threat information and then mapping those 
threats into the vulnerabilities we have identified. 

At this point, we really are threat-driven. We are constantly 
turning over information we receive from the information analysis 
component and through the intelligence community. We are map- 
ping those threats against what we have identified as those 
vulnerabilities. I think the end-state of where we would like to go 
is multi-pronged, from our point of view. We are trying to raise the 
bar across all the critical infrastructures and we want to get out 
of the threat -response mode and much more into the programmatic 
approach of saying we want to bake in good security processes 
across all critical infrastructure, irrespective of the threat so we 
really lower vulnerabilities across the board. 

Ms. Loretta Sanchez of California. I know my time is up, but I 
am a little concerned about the fact that you said you are really 
threat-driven, because I hope this committee is not threat-driven 
and therefore we are really looking for less critical infrastructure, 
less vulnerabilities and a risk analysis so that we can decide where 
to put investment. I hope it is not because today they told us they 
were going to hit us in New York and tomorrow they are going to 
hit us in Alabama. 

Mr. Liscouski. If I may respond, I think it is worth clarification, 
and that is, again I will just remind the committee of the obvious 
here, that we have only been in business for 6 months. We have 
to respond to those things which we really do understand are being 
driven by factors outside of our control. But where we want to go 
at an end- state is really have a full understanding of all our 
vulnerabilities, and be much more focused on the vulnerabilities 
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and responding to the right remediation practices and best prac- 
tices and not be threat-driven at this point. 

Mr. Camp. Thank you. 

Ms. Dunn may inquire. 

Ms. Dunn. Thank you very much, Mr. Chairman. 

Welcome back, Mr. Liscouski. I had one question for you, actually 
two questions for you. 

How effective were your interactions, do you believe, during this 
crisis in the Northeast? How effective was Department of Home- 
land Security in communicating with other agencies? What were 
your frustrations? What would you like to be able to do better and 
more quickly and more effectively? 

Mr. Liscouski. I think DHS responded very well and I think, you 
know, pridefully, because I was part of the process. I am not going 
to self-criticize too much, but I will be candid with you. I think we 
did a very good job communicating across federal sectors. I know 
our partners with DOE, as Ms. Swink pointed out, we had their 
members on our CAT team, on our Crisis Action Team. There were 
also at the Homeland Security Operations Center. So the benefit 
we have had was we did not have to establish communications with 
our federal partners during the event because we had ongoing com- 
munications with our federal partners prior to the event. 

So that is the type of success story that I think DHS can tell very 
well. It is a continuous process. I would just emphasize the fact 
that we think about these things all the time, irrespective of 
whether there is an event or not. We are always in the mode of 
identifying what do we have to worry about. Because of that, we 
are in constant contact. So whether it is with DOE or EPA or who- 
ever it might be, we are constantly engaged. 

In terms of what we can improve better, there is always room for 
improvement. A continuous improvement process is what we are all 
about, particularly in a nascent organization such as DHS. So I 
think our own abilities to coordinate our processes, incorporating 
better technologies, as Denise pointed out, better visualization 
models, those things are process-oriented, but I think they are op- 
portunities for fixes for us. 

Ms. Dunn. This whole thing took place, and I had just given a 
speech a couple of days before on cybersecurity, cyberterrorism. 
One of the examples I used was how our power grid was linked 
into the Internet, and how it would be a target of vulnerability for 
terrorists. So 2 days later it happened, and I was watching with 
great interest as things happened on CNN. Very quickly, CNN 
came out and said that it was determined not to be a terrorist act. 
I am wondering, if you were involved in making that decision, how 
that decision was made and whether that is something that is still 
in flux and to be determined, or were we very quickly able to real- 
ize that it was not a terrorist act? 

Mr. Liscouski. I was a part of that process, but we relied heavily 
upon other partners in that process as well. The FBI, as you well 
know, and I think Larry Mefford testified last week about their in- 
volvement in that. So the combination between looking at the ac- 
tive investigation the FBI had ongoing, we did a very deep reach 
back as quickly as we could through our information analysis com- 
ponent, and through the intelligence community, to identify any 
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previous or existing threats that may have been out there. We 
looked at that. But the combination of the lack of intelligence about 
this, which from the world we come from that is not the final say, 
but the lack of physical evidence and any other attributes that we 
could identify as being related to criminal activity or terrorist activ- 
ity allowed us to conclude at the initial outset that there was no 
nexus of terrorism or criminal activity. But to your follow-on ques- 
tion, clearly the ongoing analysis of the cyber-data and other infor- 
mation is what we are still in the process of collecting and ana- 
lyzing to determine that conclusively. 

Ms. Dunn. Dr. Swink, did you have any comment on that? 

Ms. Swink. The one comment on assessing the cyber area is that 
if you want to describe an area that has been working very well 
in a partnership, the DOE National Laboratory System has a lot 
of expertise in the cyber area, and we have been working very well 
under Bob’s leadership of that working group. 

Ms. Dunn. Good to hear. Let me ask you another question, Ms. 
Swink. All of us realize that there are interdependencies within the 
energy sector, as well as across infrastructure sectors. I am espe- 
cially interested and concerned in how an attack on one center, 
such as on the power grid, could have serious effects on other crit- 
ical infrastructure, such as our transportation system and commu- 
nications systems. 

Which interdependencies are the most vulnerable in your opin- 
ion? Are there hidden interdependencies that have not yet been fo- 
cused on? 

Ms. Swink. The answer to the first question is that I don’t think 
there is one that is most important. And to give you an example 
of answering the second part of your question, for the Olympics we 
did a table-top exercise in Salt Lake City for all of the infrastruc- 
tures involved there, if there was a disruption there. And one of the 
things that came out that the telecommunications people had no 
understanding of was that they use a lot of water to cool their serv- 
er stations. If the power went out in Salt Lake City, the avail- 
ability of water pumped to their facilities to cool their facility 
would bring their server stations down. 

So I think what is important is for us to continue to work on 
these scenario analyses and work on regional exercises and table- 
top exercises, because that is where you become more intelligent 
and more understanding of what these interdependency and cas- 
cading effects can be. 

Ms. Dunn. Thank you very much. 

Thank you, Mr. Chairman. 

Mr. Camp. Thank you. 

Mr. Meek may inquire. 

Mr. Meek. Thank you, Mr. Chairman. 

It is good to be here at this committee today. I had some of the 
same questions as it relates to this, and we had a hearing just the 
other day in another subcommittee talking about power outage and 
what actually happened. I noticed, Mr. Secretary, in your testi- 
mony as it relates to the phone service was limited. I wanted to 
ask where did that come from? Where did that evidence come from 
as it relates to phone service being limited? 
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Mr. Liscouski. I am sorry. I am not so sure if I understand the 
question. 

Mr. Meek. I am sorry. I was reading your written testimony 
when you also stated here today that it was power outages. Tele- 
vision was at a limited basis, and also the telecommunications 
services were limited. How were they limited? 

Mr. Liscouski. If I recall correctly, and I can give you a more 
accurate answer in a written statement because we have done a lot 
of work on this. I recall the telecommunications system limitations 
really, Mr. Meek, I have to apologize. My sense is that some of the 
cell towers were out, and if I recall correctly, and again, I have a 
lot of data on this. I am just drawing a blank on the specific an- 
swer. 

The things that we do in terms of assuring these services is what 
I can focus on with an immediate response in terms of the national 
communications system is particularly adept in working with the 
telecommunications industry to assure those services and assure 
that, as Ms. Swink pointed out earlier, that we have the appro- 
priate fuel supplies going to the telecommunications providers for 
backup generators and things like that. 

The initial outage I believe was related to that coming online. 
Again, I have to apologize. I will get back to you with a written 
answer. 

Mr. Meek. No problem. It is just one statement that you made. 
It goes to my question when we had our hearing the other day talk- 
ing about telecommunications, and how it relates to communicating 
with the public when these things happen. I did make you aware 
of a piece of legislation that myself and many other members of the 
Congress are pushing as it relates to the ready-call bill, to make 
sure that individuals know what is going on when it is happening. 

I can tell you, Ms. Dunn asked a question about how quickly we 
were able to excuse the issue of terrorist attack or an attack on our 
Internet capabilities or infrastructure, but I think it is important 
that we continue to push the private sector and also the public sec- 
tor on the urgency. I am just kind of repeating myself yesterday, 
but since you are here today we have both agencies here. I think 
it is important that we remember that that is important while we 
are in somewhat calm waters. I know that there are going to be 
some task forces put together to make sure that that communicates 
from the private sector, and what homeland security has to do, 
what your agency has to do also towards moving us north. I look 
forward to working with you to that end. 

I am very, very interested as it relates to our telecommunication 
capability in the time of homeland attack or what could be a poten- 
tial attack in any geographical area to be able to communicate with 
Americans as expeditiously as possible and to be able to give good 
information and good intelligence that can be shared commonly 
with the private sector. 

Mr. Chair, that completed my questions. Thank you. 

Mr. Camp. Thank you very much. The chairman of the full com- 
mittee, Mr. Cox, may inquire. 

Mr. Cox. Thank you. I would like to welcome our witnesses again 
and add my gratitude to what you have heard from other members 
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for your time and the help that you are providing this committee 
in our oversight. 

Mr. Liscouski, the Security Working Group is looking into a pos- 
sible cyber-connection to the blackout. I take it that we use the 
words “cyber-connection” advisedly because we still want to include 
the small chance that there might be a bad actor, as well as simply 
mechanical or computer failure. Is that right? 

Mr. Liscouski. That is correct, sir. 

Mr. Cox. When do you expect that we will have an answer on 
that part of the investigation? 

Mr. Liscouski. I would like to report that it would be soon, but 
my fear is that it is going to take us quite sometime before we can 
come a conclusion. 

Mr. Cox. What does that mean? Ballpark? 

Mr. Liscouski. Probably several months. We are talking about 3 
or 4 months, based upon the amount of data, which is really going 
to be dependent upon how focused we become on the initial root 
cause. Just at a top level, our process is really going to be geared 
at working with the electrical working group to identify root cause. 
Once we can identify the root cause of the issue, then we can begin 
to quickly look around at the surrounding causes that might be 
cyber- related. 

In a classic investigation, if we are capable of doing that, we can 
potentially reduce our timeframe for the analysis. But if we have 
to look across all different platforms outside just a specific root 
cause area, then we are talking about terabytes of data through 
which we have to do analysis. That Is extremely time consuming. 

Mr. Cox. In addition to the cyber aspects, is this Security Work- 
ing Group also looking at other means of bad actor, for example 
detonation of explosions, causes for the accidents or causes for the 
blackout? 

Mr. Liscouski. Yes, sir, we are looking at that as a component 
of it. Fortunately, those are more visible signs, but there are other 
potential causes that might be more physically oriented that we are 
examining as well. 

Mr. Cox. At the time that the country was assured that this was 
not a terrorist attack, my understanding is that it was the Depart- 
ment of Homeland Security that for the United States Government 
shared that information through the media. Is that correct? 

Mr. Liscouski. I believe that is correct, sir. Yes. 

Mr. Cox. And was that by prearrangement, or was that just how 
it happened? 

Mr. Liscouski. I don’t recall exactly how that transpired. I can 
certainly get back to you with the sequence of events. 

Mr. Cox. I raise it because, first, it seems to have worked. Sec- 
ond, if it was just serendipity as opposed to a plan, then we can 
probably add this the list of lessons learned and make it part of 
the plan for next time. 

Mr. Liscouski. Yes. 

Mr. Cox. I suspect that there probably was some, if not total, 
fore-ordination of this because otherwise everybody would be trying 
to elbow their way to the front. And obviously, the Department of 
Homeland Security was created for this purpose. But as you can 
imagine, on the public side it is vitally important that people have 
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a clear answer from the USG. When we conducted TOPOFF II, we 
learned in an analogous way what happens when the Department 
of Energy was competing with the EPA about data concerning 
when the mayor can tell the public that the radiation is blowing 
your way or somebody else’s way. We have to have somebody in 
charge. That was the lesson learned there. So from this real-life ac- 
tivity, it is very important that we recognize this seems to have 
worked. DHS took the lead role, and that should be institutional- 
ized, if it isn’t already. 

Mr. Liscouski. Yes, sir, if I may respond. The lack of conclusion 
I can provide you is my role during that course of the process was 
actively engaged and working with Secretary Ridge, and we were 
involved in the secure video teleconference with the FBI and CIA 
and State and the White House. During that discussion, we came 
to consensus on the determination. Unfortunately, I just wasn’t 
present when the actual announcement was made. 

Mr. Cox. I understand, and I appreciate your undertaking to get 
that detail back to us. The two of you, or at least the departments 
that you represent, are working on an MOU. Is it the case that it 
is also you personally that are both working on this, or is it other 
people in the departments? 

Mr. Liscouski. No sir. It is our offices, I believe, in addition to 
our policy staff who are also working on agreements with DOE. 

Ms. Swink. We will cover the arrangements with the Science and 
Technology Office and the Emergency Response Office, too, but I 
believe that for this memorandum of agreement on critical infra- 
structure, the point will be Bob’s office. 

Mr. Cox. And when do you expect the MOU will be completed? 

Mr. Liscouski. I would say it is ongoing, sir. I am not quite sure 
exactly what the time frame is going to be. What we are looking 
to do is looking at similar agreements we have to make with other 
agencies. Rather than just make one that we will have to make 
continuous adjustments for, our goal is to look at the commonal- 
ities for this agreement that would be applicable across all of the 
sectors. 

Mr. Cox. Ms. Swink, you testified that in real time you are also 
talking, for example, to NIST and DIA. Are you looking to execute 
parallel MOUs with them, or are you trying to roll that into the 
same agreement with the Department of Homeland Security? 

Ms. Swink. I know that our priority right now is to sort out the 
agreement with the Department of Homeland Security, and as Bob 
says, as much as possible create some model frameworks that all 
departments can look at with respect to developing that relation- 
ship. We have been sharing information actually for months on 
what should go into that type of agreement. As soon as that frame- 
work is there, there should be no reason at all that the other agen- 
cies don’t become part of it. 

Mr. Cox. Thank you. My red light has gone on. I will just leave 
you with the question which is, Mr. Liscouski, the crisis action 
team that you set up in order to respond to the blackouts, which 
incorporated the infrastructure coordination division, national 
cyber-security division, protective security division and certain IA 
entities, was this ad hoc-ery or was this pre-planned? And to the 
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extent that it worked, which you testified that it did, is it some- 
thing that we are going to institutionalize? 

Mr. Liscouski. Yes, sir. It is an institutionalized capability. The 
Homeland Security Operations Center is the focal point for coordi- 
nation for incidents. All of the elements of DHS are represented on 
the HSOC, as well as the are components of our sister agencies 
who have response capabilities and proactive responsibilities as 
well. This is already institutionalized. 

If I may, sir, just make one clarification with respect to MOUs. 
DHS, DOE, the other agencies with whom we work do not require 
an MOU to work going forward. There are all sorts of responsibil- 
ities for things that we have a very good understanding in terms 
of how we do work together. That is why the only clarification in 
terms of needing an MOU, our concern is, not concern, but working 
forward with other federal agencies. We believe we have a very 
good role and understanding based upon the Homeland Security 
Act and how DHS was formulated in the first place. 

Mr. Cox. Thank you. 

Thank you, Mr. Chairman. 

Mr. Camp. Thank you very much. 

Mr. Lucas may inquire. 

Mr. Lucas. Thank you, Mr. Chairman. 

Mr. Secretary, in my district in Kentucky it has been ascertained 
that about 85 percent of our potential targets are in the private 
sector, like chemical plants and materials handling companies and 
things like that. Of course, they are in business to make a profit. 
They look to the bottom line. In your view, do you think that DHS 
relies too heavily on the voluntary private sector action to improve 
their infrastructure protection? 

Mr. Liscouski. No, sir, I don’t. I believe appropriately the pri- 
vate sector needs guidance and needs to understand what the best 
practices are in the context of the threats that they face today. I 
do not believe the voluntary approach in the private sector is the 
inappropriate approach. Coming out of the private sector, I can tell 
you that it is something was always in the front of the minds of 
the corporations that I worked for. We did not need to be told nec- 
essarily how to do our work, but in the context of understanding 
the behaviors we needed to apply about what our responsibility 
was, was something we would engage with, and we consistently en- 
gaged with with the federal government. No, I believe the vol- 
untary approach is the right approach. 

Mr. Lucas. Thank you. I relinquish the balance of my time. 

Mr. Camp. Thank you. 

Mr. Weldon may inquire. 

Mr. Weldon. Thank you, Mr. Chairman. 

As my colleagues know, I come at these issues from the security 
standpoint of the Armed Services Committee and threats to our se- 
curity. 

Mr. Liscouski, you mention in your testimony that we are focus- 
ing on the issue to ensure that we can anticipate effects and 
prioritize our efforts based on the bigger picture, not just reacting 
to what is easily and immediately observed. Apparently, this black- 
out that we just experienced was caused by accidental incidents. 
We are putting into place processes to protect us from additional 
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accidental incidents. But a terrorist is not going to rely on that 
kind of capability, and my own feeling is that we are, if not totally, 
just about totally vulnerable to what I think is the biggest threat 
to both our power grid and to our information technology capability 
and our way of life. 

I do not think we are prepared, and I am going to ask each of 
you to respond very specifically, in your agency, who has the re- 
sponsibility to develop plans for us against what other nations have 
been planning to deliberately do if a nuclear war were to start? I 
am familiar with Russian nuclear doctrine. Their first attempt at 
attacking us would be to lay down an EMP burst off of our coast 
with a nuclear weapon that would not hurt one person, but would 
fry all of our electronic components, including our electrical grid 
system. It would shut down America, including our vehicles, that 
have chips in them that would stop on the roads. 

Now, we tested this capability in 1962 when we did four tests at 
the Kwajalein Atoll in the Pacific. We were startled that within 
800 miles everything was shut down, streetlights. We stopped cars 
dead in their tracks, and we fried the major electronic components 
of our telephone system. We did those tests in 1962. That is not 
classified. That has been reported in the media, and in fact it was 
just in a book put out by Dan Verton called “The Black Ice.” 

In 1999, we in the House held hearings on this phenomenon, not 
because of 9-11, but because we knew of the implications. Directed 
energy has become the weapon of choice for the future for nations 
that want to bring us down or harm us. We are doing research our- 
selves, and so are other countries on directed energy, let alone the 
EMP phenomenon. Who specifically and what department of both 
of your agencies has assessed and is responsible for protecting 
America from the standpoint of electromagnetic pulse lay-down and 
directed energy threats? Each of you. 

Ms. Swink. I will have to supply a more expanded answer for the 
record to get the level of detail that you are requesting. I will say 
that the DOE national laboratory system has been doing evalua- 
tions over the past year or more on the implications of EMP on 
SCADA systems themselves, supervisory control analysis data ac- 
quisition systems. At this point in time, there is a high concern for 
vulnerabilities, serious vulnerabilities. But with respect to exactly 
where in the department the leadership is for it, I will have to find 
that out for you. 

Mr. Weldon. Mr. Liscouski? 

Mr. Liscouski. Mr. Weldon, in the context of Homeland Security, 
we have been studying this effort. I know there is an EMP commis- 
sion. Our NCS, national communication system, has been working 
with the commission to study the effects. I am looking at some of 
the notes with respect to that. Modeling has been done with light- 
ning strikes as a small- scale in understanding the implications of 
that. I know this is a big threat. We are taking it seriously. We 
are working with the commission to understand the effects of it. 
Our S&T organization is one that we have working with as well. 
So, no question, sir, it is a big problem. 

Mr. Weldon. My problem is, Mr. Chairman, it is not mentioned 
in any of the testimony. The EMP Commission to which I assume 
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you are referring is actually a congressional commission that we 
created. 

Mr. Liscouski. Yes, sir. 

Mr. Weldon. It is not a commission established by Homeland 
Security or the Energy Department. 

Mr. Liscouski. Yes, sir. 

Mr. Weldon. The executive director of the commission is sitting 
in the room and he has had no contact with either of your agencies. 
To me, that is an indictment if we are supposedly preparing this 
country for what we call not just what is easily and immediately 
observed, but the bigger picture. 

There is no more, no more threat to our security and our quality 
of life than a terrorist using electro-magnetic pulse, which we now 
have 10 countries that have nuclear capability. We are talking 
about low-yield weapons that would not harm one person. We deto- 
nate it in the atmosphere and we know 70 countries have missiles 
that could launch such a capability off of our coast. 

We have tested this capability. We know what it does. My own 
feeling, Mr. Chairman and members of the full committee, is that 
we are not taking this issue seriously. We have no hardening of 
any of our systems in the country except for our ICBM system. 
That is the only hardening we have. I just think we have to start 
to raise the awareness. I congratulate the Congress, both sides, for 
establishing the EMP Commission. I introduced the executive di- 
rector, Peter Prye, former CIA agent who is in the room. I would 
just say that I would think this distinguished panel ought to have 
more involvement with the agencies that are responsible for pro- 
tecting us against the worst threats to our security. 

Thank you. 

Mr. Camp. Thank you. 

Mr. Dicks may inquire. 

Mr. Dicks. Thank you, Mr. Chairman. I want to go back to this 
question about how we are doing our threat assessment, how we 
are cataloguing critical infrastructure. What is the responsibility of 
the states? Are the states asked to do a plan of critical infrastruc- 
ture in their state, on a state-by-state basis? It seems to me, if we 
haven’t approached this problem yet, which I think we should, that 
that might not be a bad way to do it. I mean, to come up with some 
criteria — here is what is important — and have the states fill it out, 
so they can give you their perspective of what is critical infrastruc- 
ture in their states. 

What is wrong with that? Or is it being done? 

Mr. Liscouski. Sir, in fact we are working very closely with the 
states. To your point earlier, or actually to Mr. Lucas’s point, with 
respect to critical infrastructure being owned 85 percent within the 
private sector, 100 percent of it is in at the local level. The state 
and local governments with whom we work very closely are obvi- 
ously responsible for helping us protect that and taking the lead in 
many ways in protecting that. 

So we work very closely with them, and we have set up ways to 
begin. Again, this is a beginning effort. We recognize that this is 
clearly the beginning stages of DHS to develop this capability. But 
we are working with state and locals to develop training capabili- 
ties and to build their capacity to conduct vulnerability assess- 
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ments at the local level. This is not about DHS conducting vulner- 
ability assessments for every single piece of critical infrastructure 
across the United States. We need our state and local partners. So 
to your point, sir, we are aggressively moving out on that. 

Mr. Dicks. Well, it seems to me, and maybe we will have to leg- 
islate this, but somehow getting the states to do a plan which 
would include the assessment seems to be a very fundamental way 
to start, and the states have the joint terrorism task forces. They 
have the heads of the National Guard. The governors have their 
people who are working on these issues. It just seems to me that 
if we gave them a modest amount of resources and said do a plan 
for how you are going to handle critical infrastructure, and then 
work with your department, we might make some real progress 
and it would not take nearly as long. I think the state people know 
what is critical in their state, maybe even a little bit better that 
the feds do. 

Mr. Liscouski. Sir, I may not have been clear. I wanted to ar- 
ticulate we are exactly doing that. 

Mr. Dicks. Okay, you are doing it? 

Mr. Liscouski. Yes, sir. 

Mr. Dicks. Okay. Well, that is good. When do you think you will 
have these plans in place? 

Mr. Liscouski. Yes, sir, as I indicated, with our nascent effort. 
We are doing a couple of things, with building our organization and 
staffing up, as well as providing the capabilities out to the field. We 
are training state and local police agencies, law enforcement enti- 
ties, on how to conduct vulnerability assessments, what the expec- 
tations are, basic standards and methods and how to do these 
things. This is an ongoing process. 

Mr. Dicks. As you think about this, we have had hurricanes. We 
have had blackouts. These almost became like an exercise for DHS, 
for the department, the federal government, and FEMA. These 
things come along from time to time. In some cases, the cata- 
strophic events are in some ways what would be very similar to 
what would happen in a terrorist attack. So it seems to me that 
maybe you take these events as they come along and it gives you 
a good chance to train your people, to really be prepared and to lay 
out your game plan for how you are going to deal with any cata- 
strophic event. Obviously, we hope we will not have terrorist 
events, but at least it gives you some ability to train. Would you 
agree with that? 

Mr. Liscouski. Absolutely, sir. I do. 

Mr. Dicks. We know we are going to have these kind of events. 
There is no way around it. 

My staff tells me that California and New York have already 
done their plans, but DHS has not asked for them. Is that accu- 
rate? 

Mr. Liscouski. I don’t believe so, sir. In fact, we are working 
closely with them. 

Mr. Dicks. Why don’t you check that out. 

Mr. Liscouski. I would be happy to. 

Mr. Dicks. Ms. Swink, I have a question for you. This is a paro- 
chial matter. I hope my colleagues will forgive me just for a mo- 
ment. I have been working for a number of years in the State of 
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Washington on a project called HAMMER. This is not named after 
the majority leader, by the way. 

[Laughter.] 

This is called the Hazardous Materials Management and Emer- 
gency Response Training and Education Center. This is a place 
where we do a lot of training. I understand that you are getting 
this turned over to you. Is that right? 

Ms. Swink. That is correct. 

Mr. Dicks. I just hope you will take a very close look at this fa- 
cility. I think for training first responders, National Guard, home- 
land security, this is an ideal facility. I just hope you will take a 
good close look at it. 

Ms. Swink. Mr. Dicks, I have been out and spent a couple of 
days at the HAMMER facility. It is an incredible asset, certainly, 
for what the Department of Energy sees needs to be done in the 
energy assurance area, but across the board. DHS actually has a 
border station there now. It is a major large prop training facility 
for which I think is going to be a tremendous asset. 

Mr. Dicks. My time has run out, but I will do like the chairman 
did and leave you with one parting thought. I do not think that vol- 
untarism is going to work. I think you are going to have to have 
some guidelines and some direction to the private sector. 

Thank you. 

Mr. Camp. Thank you. 

Ms. Jackson-Lee may inquire. 

Ms. Jackson-Lee of Texas. I would like to pursue a line of ques- 
tioning with the Assistant Secretary for Infrastructure Protection. 
We had this line of questioning the day before yesterday about the 
assessments being made on the blackout. Is this the time for the 
report or are we still embargoed? 

I think the question I was pursuing is what we have been able 
to determine by study and research on what happened and how 
you determined that it was not certainly a terrorist act, but it cer- 
tainly was an infrastructure problem which can be equally dis- 
concerting in light of the fact that out of that, horrible incidences 
can occur. So you delayed me in your response, and I am trying to 
find out now if this is the time or are we still doing the research? 

Mr. Liscouski. No, ma’am. In fact, I mentioned earlier we are 
in the process still of doing the analysis. This report is not going 
to be provided by the task force for a couple more months yet. I 
am afraid I cannot share the conclusions with you. We just don’t 
have conclusions at this point. 

Ms. Jackson-Lee of Texas. When you say a couple of months, 
why don’t you just project for me a basic timeframe on that. 

Mr. Liscouski. Ma’am, I am afraid I am not in charge of the 
time line for the publication of the report. I am contributing to the 
report to the task force. I would have to defer that to the task force 
leadership. 

Ms. Jackson-Lee of Texas. So you think, however, it is a couple 
of months? 

Mr. Liscouski. Yes, ma’am. I can tell you earlier Chairman Cox 
asked me about the analysis we are doing. The analysis we are 
conducting for the cyber investigation is quite involved and poten- 
tially may be even longer than that. 
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Ms. Jackson-Lee of Texas. Let me try to find out the status of 
the DHS developing a comprehensive CIP risk assessment. Can 
you let us know where you are in doing that? And in your opinion, 
which of our critical infrastructure sectors pose the greatest na- 
tional security concern? 

Mr. Liscouski. Yes, ma’am. In fact, since we started this effort 
with DHS back in March, as you know, we have been building the 
organization and simultaneously responding to threats posed to us 
by the Iraq war as our first order of business. The team did a great 
job in preparing protection plans to respond to the threats that 
were posed to us by the Iraq war, and then subsequently went on 
to the next effort of categorizing and identifying the critical sectors 
and the critical assets as part of our infrastructure protection plan. 

That is an ongoing body of work. If we do this right, we will 
never be completed with it because if we are successful we will con- 
tinue to identify the interdependencies of the critical infrastructure 
to uncover additional vulnerabilities. We are going to refine it. We 
have begun. As I have indicated, I have developed the capability 
to comprehensively begin this effort. We have begun the effort in 
earnest. I just will caution you that this is a very complex issue, 
one which DHS will be engaged with as federal partners and state 
and local and territorial partners for quite some time. So there will 
be no time line in which we will say we are finished. And in re- 
sponding to the question concerning which are the most critical, I 
think you asked? 

Ms. Jackson-Lee of Texas. Yes. 

Mr. Liscouski. Again, it is in the context of we look at all 13 
critical infrastructure components in the five key asset areas as 
they have been identified by the Homeland Security Act as just 
that, as critical. And really, we really look at them in the context 
of right now which are the most threatened, and we have a per- 
spective on that, and we are continually culling the intelligence 
community for current threat information to identify those which 
require particular attention right now, as we are building capabili- 
ties. As you know, this critical infrastructure has been in the 
United States for quite some time, and we have never had a com- 
prehensive look at protection of critical infrastructure as we have 
today with DHS. 

So if the expectation is we will do this quickly, then we will not 
do it well. But I argue that we are really trying to take a very com- 
prehensive look to put as many good security practices out there 
that are cost-effective, that are measurable and implementable by 
all aspects, not just the private sector, but by state and local gov- 
ernments as well. 

This is an extremely complex issue. As DHS matures in its orga- 
nization, when we are fully staffed over the next couple of years 
and develop our capabilities, I would be happy to get back to you 
with that answer. We are peeling this onion back and it is becom- 
ing more complex. 

Ms. Jackson-Lee of Texas. I do understand that. Let me just 
say, it looks like the light went from green to red. Is there a prob- 
lem there? Let me just say, if you would, Mr. Chairman, because 
I was looking for the middle light there, and it did not light up, 
so I would ask you indulgence. 
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Mr. Camp. Why don’t you just proceed? Thank you. 

Ms. Jackson-Lee of Texas. I would appreciate it very much, Mr. 
Chairman. 

Let me just say, there are a number of colleagues on this panel 
that are from New York, and I do want to express my admiration 
for New Yorkers in the tragedy of 9—11, and certainly they were 
very fortunate in the instance of the blackout. The television 
showed us tens of thousands of New Yorkers who had to walk 
across the Brooklyn Bridge to end their workday, and many other 
places and cities on that grid were experiencing the same. We can 
congratulate the people and the leadership of that area, but I 
would just emphasize the urgency of being able to respond more 
quickly than it seems that there might be an effort to do. I think 
this hearing is to emphasize the urgency. We have some serious 
concerns. 

I end on the question of whether or not you are even looking at 
the individuals who can contribute to the vulnerabilities. I men- 
tioned this yesterday. The young people, individuals at home can 
contribute to the vulnerabilities of cybersecurity. Because of that, 
because there is so much access to the cyberworld, to the Internet, 
it is I think imperative that we have sense of urgency and that we 
realize that any day something could happen that could be a catas- 
trophe. I would hope that we would be able to have you before our 
committee again responding to the sense of urgency that I have 
just enunciated. 

Mr. Liscouski. May I respond? I would like to articulate that 
DHS clearly does have a sense of urgency about what we are doing. 
And if I have given you any indication that we don’t, I apologize, 
because we are acting in an urgent way all of the time. We are con- 
tinuously working at the most urgent requirements that we have. 
As I indicated yesterday, outreach and awareness program at all 
levels of government and the private sector and the civilian sector 
are clearly within our focus. I agree with you 100 percent that we 
have to educate all citizens of this country to what they can con- 
tribute to the effort to protect our homeland. Everyone here does 
have a responsibility for that. That is exactly the message we are 
trying to put out there. So I appreciate your support in that. 

Mr. Camp. Thank you. 

Ms. Slaughter may inquire. 

Ms. Slaughter. Thank you, Chairman Camp. 

One of the question, if I heard you respond correctly to Ms. Lee, 
was that you are not yet fully staffed in order to get the CIP fin- 
ished. Is that correct? 

Mr. Liscouski. Ma’am, we are staffing as we speak. We are in 
the process of recruiting the best talent that we can. Part of that 
effort requires reaching out to the private sector where we can do 
that, and that requires us to get security clearances. 

Ms. Slaughter. How many professionals do you have now? 

Mr. Liscouski. To give you a ball park, in my office alone I be- 
lieve we are probably in the number of around 200 and some-odd 
folks. 

Ms. Slaughter. How many do you need? 

Mr. Liscouski. Correct me if I am wrong. I would have to go 
back to an exact number, I think what we are staffing up for in 
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fiscal year 2004 is, within the Infrastructure Protection Office, ap- 
proximately roughly 450 to 500 people. 

Ms. Slaughter. So you are only about half way there? 

Mr. Liscouski. For fiscal year 2003 we are pretty much on tar- 
get. We are moving right along. 

Ms. Slaughter. Do the people that you hire already understand 
their own sectors and have the technical expertise in exactly what 
you need? 

Mr. Liscouski. That is precisely what we are hiring. It is tech- 
nical expertise in those sectors, ma’am, yes. 

Ms. Slaughter. That is really disconcerting. I am disappointed 
that more than a month later we still don’t know what happened 
on the power failure, just as I am disappointed that 2 years later 
we still don’t know who mailed the anthrax. But let me just say 
something about pre-blackout. I was at Niagara Falls when this oc- 
curred. The first thing that we heard was that there had been a 
lightning strike at Niagara Falls. It was the most beautiful day we 
had all summer. But most of the events I would bet that contrib- 
uted to it, occurred from noon to about 4:13 p.m. I think that is 
about the time our cell phones all went out, in any case. The gen- 
eration and the transmission and the operating events all went 
down effective later in the day. The investigators I think are look- 
ing at what happened from 8 a.m. on that day, but we have not 
yet gotten any information on that. Is your office at all interested 
in that? Are you looking at that? 

Mr. Liscouski. Ma’am, as part of the Security Working Group 
we are looking at all aspects. We are working very closely with our 
other working group partners, sharing information. So we are in- 
terested in all aspects of the power outage. 

Ms. Slaughter. What concerns me is what Sheila Jackson-Lee 
had said. It could happen again any day, and the fact that we don’t 
know why it happened on August 14 is very troubling to this point. 
Since the country seems to be willing to spend anything, do any- 
thing, go anywhere, the fact that we are still at this point, so to 
speak, in the dark I think is really quite troubling. We all under- 
stand that the grid had probably been neglected. 

As a matter of fact, according to the Brookings Institution, the 
Bush administration ignores the major critical infrastructure in the 
private sector. In testimony before the committees on September 4, 
2003, a witness from Brookings gave DHS “not a passing grade” on 
critical infrastructure protection. That was September 4, right after 
the blackout. At a recent Council on Foreign Relations homeland 
security event, former senior national security officials and senior 
state-level homeland security officials were asked to grade DHS on 
critical infrastructure protection, and the grades ranged from a D 
to a gentleman’s C to another D to absent. 

I wonder if you would care to respond to what appears to be a 
very negative assessment of what is going on at DHS and if you 
feel that part of that is because you are not yet staffed up or what 
are the problems. 

Mr. Liscouski. Yes, I would be happy to respond to it. Without 
knowing the specifics of those criticisms, I will just respond in a 
general way as well. I think perhaps there may be a lack of under- 
standing of how complex this problem really is. I don’t think any- 
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body has ever done this before in the context of the federal govern- 
ment, or anywhere, frankly, at the magnitude that DHS is doing 
that. 

So we accept if there are valid, and there clearly are I am sure 
valid criticisms out there. We would like to learn how to do this 
better and we welcome those opportunities to learn how to do that 
better. You will find my management style is not one of arrogance 
or suggesting we know how to do it. In fact, if anything, we are 
looking to steal the best ideas from anybody that wants to tell us 
how to do these things so we can get the job done a lot better, and 
we are moving aggressively to do that. 

And if we are at a C or a D right now, well, I am not suggesting 
I agree with that, but I would also suggest that we are doing a lot 
of work and we do need to do a lot more. I don’t deny that for a 
moment. 

Ms. Slaughter. I have a lot of friends in the utility business 
who would like to give you some ideas on what they think. 

Mr. Liscouski. I would be happy to hear from them. 

Ms. Slaughter. They believe very strongly that the deregulation 
of electricity which required them to go out of generation of energy, 
and the fact that the people who were responsible for transmission 
lines did not keep them up and there was no incentive for them 
to do so, or actually were not told to do it specifically, which means 
to me that if we had it once, we are very likely to have it again. 

Mr. Liscouski. If I could just respond to that. That really sounds 
like a regulation issue and DHS is not a regulatory authority. 

Ms. Slaughter. I understand that, but nonetheless if you said 
you want to learn all aspects of it and find out what you think hap- 
pened, that might be something that you might also have to look 
into. 

Mr. Liscouski. Thank you. 

Ms. Slaughter. Thank you. 

Mr. Camp. Thank you. 

Ms. Christian-Christensen may inquire. 

Mrs. Christensen. Thank you, Mr. Chairman. 

Welcome back, Mr. Assistant Secretary. Welcome, Ms. Swink. I 
thank you, Mr. Liscouski, for remembering not only the states, but 
the territorial people in your comments. 

Sorry for being late, but I did have a chance to look through your 
written testimonies. Assistant Secretary, I was impressed with the 
part of your testimony that talks about the DHS’s responses that 
you described to the August 14 blackout. How much of that re- 
sponse happened just because the people on the ground knew what 
they were doing, or the people involved knew what they were doing 
from past experience? And how much do you think happened be- 
cause there is a Department of Homeland Security? In other words, 
could we have done just as well in responding without the depart- 
ment being there? Do you understand the question? 

Mr. Liscouski. Yes, ma’am. 

Mrs. Christensen. How much of the response was really be- 
cause we have an IAIP and a DHS? 

Mr. Liscouski. I would say it is all because we have IAIP. But 
practically speaking, and without being too glib, I do attribute our 
ability to respond well is because DHS does exist. The function that 
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IAIP represented was a good coordination point, as I described ear- 
lier in how events unfolded and what role IAIP played in that. Ini- 
tially, as the blackout was becoming known to the community at 
large and came to our attention, IAIP coordinated with the sectors, 
the private sector, our federal partners, DOE, to determine exactly 
what was going on. We were able to do that fairly quickly, within 
an hour and actually even less, to understand what events were oc- 
curring and provide that information to the Secretary and subse- 
quently to the White House very quickly to understand situational 
awareness. 

The real discriminator in terms of what IAIP has provided to this 
effort that would not have existed if DHS not around was really 
the ability to look forward to the next step. I think clearly the ca- 
pacity that DOE has and the experience that the folks have there, 
I readily admit that they would be able to adequately and ably 
handle this type of event. They are a tremendously experienced 
and talented group of professionals. But the distinction there is the 
fact that looking at the next event, in the context of without know- 
ing if this was a terrorist event, and even with knowing that it was 
a terrorist event, DHS’s responsibility was to look at what the next 
steps might be and how this event, how the blackout might have 
been exploited by terrorists or those who might have used this as 
an opportunity to conduct some sort of act. 

We immediately progressed to that next level of thinking. The 
staff that I have working for me get paid to do that. We have sce- 
narios based upon cyber events and electrical events, and other 
types of outages that we would say, okay, how could these events 
be exploited by terrorist groups? What do we know about the intel- 
ligence function? We were able to answer those questions and 
quickly put plans in place to prepare in the event that those sce- 
narios were carried out. I think that is an incredible unique oppor- 
tunity that the federal government has and that the American pub- 
lic has available to them by the creation of the DHS. 

Mrs. Christensen. Okay. You partly answered my next ques- 
tion, so I will ask a question to Ms. Swink. Moving to more infor- 
mation, technology dependent, and I hope this question was not 
asked already, smart grid is among the leading proposals to im- 
prove the capacity and reliability of the power grid. This would in- 
clude replacing electro-mechanical switches with digital ones, and 
introducing real-time computer monitoring of the power lines. 
Would such changes increase the cyber-vulnerabilities of the power 
grid? If so, how should we balance the increase vulnerability with 
increased power grid performance and reliability? 

Ms. Swink. With business as usual, I would say that it would in- 
crease the vulnerabilities. But because of a lot of good work being 
done in the government labs, as well as the private sector, a much 
better understanding of how those new systems and devices need 
to be designed with authentication procedures, cryptography, im- 
mediate recognition of assaults by viruses, et cetera, we are well 
on the way of having the tools and mechanisms to build that sys- 
tem so that it is responsive and not vulnerable. 

Mrs. Christensen. So you think that because we are much more 
aware of some of the vulnerabilities, we will be able to address 
some of what might have otherwise been increased vulnerabilities? 
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Ms. Swink. Yes. 

Mrs. Christensen. Okay. I guess I could ask this to either one. 
Well, my time is up. I will wait for the next panel. 

Thank you, Mr. Chairman. 

Mr. Camp. Thank you. 

As this is a joint hearing held with the Cyber Subcommittee, I 
will turn the gavel over now to Congressman Sessions. 

I want to thank both of you for your attendance here today and 
for your very insightful testimony, and I appreciate your being 
here. We will move to our second panel. I want to thank you again. 

Again, I will turn the panel over to Congressman Sessions. This 
is a joint hearing with the cyber subcommittee, and he will chair 
this second panel in today’s joint hearing. 

Mr. Sessions. [Presiding.] I thank the gentleman. 

Local governments are responsible for coordinating the states’s 
response to a wide range of emergencies and disasters, both nat- 
ural and manmade. Local law enforcement, fire, public works and 
emergency medical agencies and personnel are being trained in 
how to properly respond to potential terrorist incidents. The black- 
outs tested the training and response capabilities of our first re- 
sponders. 

Colonel McDaniel is here today before us and he will provide an 
overview of the events that occurred in Michigan during the black- 
out. Also today we have Mr. Robert Dacey, Director of Information 
Security Issues for the Government Accounting Office. GAO has 
made numerous recommendations over the last few years related 
to information-sharing functions that have been transferred to the 
Department of Homeland Security. 

One significant area concerns the federal government’s critical 
infrastructure protection efforts, which has been focused on the 
sharing of information on incidents, threats and vulnerabilities and 
the providing of warnings related to critical infrastructures both 
within the federal government and between the federal government 
and state and local governments and the private sector. Today, we 
are prepared to hear from Mr. Dacey, and he will offer rec- 
ommendations for strengthening the information-sharing and other 
critical infrastructure protection capabilities. 

At this time, I would like to begin with Colonel Michael 
McDaniel from the State of Michigan. 

STATEMENT OF COLONEL MICHAEL McDANIEL, ASSISTANT 

ADJUTANT GENERAL, HOMELAND SECURITY, STATE OF 

MICHIGAN 

CoLonel McDaniel. Thank you, Chairman Sessions, Chairman 
Camp, members of the committee, for this opportunity to testify be- 
fore you here today. 

My name is Colonel Michael McDaniel. I serve as the Assistant 
Adjutant General for Homeland Security for the Michigan National 
Guard, and as such I also serve as the governor’s adviser on home- 
land security to Michigan’s Governor Jennifer Granholm. 

Based on my understanding of the focus of this committee’s in- 
terest, my narrative of events of August 14 through 16, 2003 will 
focus on the interdependencies of the infrastructure, the responses 
thereto and the communications between state, local and federal 
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agencies. I will then briefly discuss some of the issues that surfaced 
during our response to the blackout and potential resolution of 
them. 

As you all know, on Thursday August 14, 2003 in the late after- 
noon approximately at 4:15 p.m., a massive power outage struck 
the power grid in the Midwest and Northeast U.S., as well as the 
Province of Ontario, causing blackouts from New York to Michigan. 
Within minutes, much of southeast Michigan and mid-Michigan 
was without power, including the major metropolitan areas of De- 
troit, Ann Arbor and Lansing. 

I will briefly outline some of the major complications from the 
blackout. In much of southeast and mid-Michigan, the lack of elec- 
trical power resulted in widespread traffic signals not functioning, 
and limited telephone communications. Radio and television sta- 
tions reported broadcasting difficulties, with several small stations 
not operating at all. Gas stations were unable to supply people’s 
needs for their cars and for their portable generators, as without 
electricity those gasoline pumps were inoperable. The auto industry 
in Michigan was also directly impacted by the loss of power, shut- 
ting down operations for the majority of 3 days. 

The Ambassador Bridge in Detroit, the busiest commercial land 
port in the United States, with 16,000 tractor-trailer trucks cross- 
ing daily, was also affected. This resulted in approximately a 4-mile 
backup of traffic for almost 24 hours on the United States side. I 
would just emphasize that it was the IT systems for the Canadian 
Customs that was shut down and not functioning. The U.S. Cus- 
toms system at the bridge was working. 

Many other computer systems were not functioning, however, in- 
cluding the Law Enforcement Information Network, or LEIN sys- 
tem. The Detroit Board of Water and Sewer, which is the oversight 
board for the nation’s second or third largest water system, re- 
ported its system was not functioning correctly. It had a boiled 
water advisory which was not lifted until late Monday, August 18. 
The state’s response in brief. As of 6 p.m., Governor Granholm had 
reported to the state emergency operation center. I would note that 
the Governor spoke directly with Department of Homeland Secu- 
rity Secretary Tom Ridge approximately 1 hour after the blackout 
began. As the dimensions of the emergency became clear, the fed- 
eral DHS called every hour for briefings. The FEMA representative 
was also present and working from the state’s EOC from August 
15, the next day, onward. The state of emergency was not re- 
scinded until a few days later. 

Briefly, the lessons learned. In Michigan, we are monitoring, in- 
vestigating or resolving the following issues. First, the communica- 
tions between federal and state agencies. I think it is safe to say 
there was full and robust communication between the appropriate 
federal and state agencies, but I would make a couple of sugges- 
tions for improvement. First, we were giving reports to the Depart- 
ment of Homeland Security directly, to FEMA or the EP&R direc- 
torate within DHS, and then to FEMA Region 5. To a large degree 
this was redundant information. 

Secondly, all of those communications were being made by tele- 
phone or facsimile machine. And given the intermittent outages of 
commercial telephone service elsewhere in the state, as well as in 
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the Lansing area for the first 8 hours, a backup system needs to 
be instituted that is not reliant on commercial lines or on portable 
generators. 

Secondly, the communications between state and local agencies 
worked very well. I would go so far as to brag a little bit and say 
they worked flawlessly. I think this was in large part because we 
had a substantial investment in the State of Michigan over the last 
12 years of approximately $220 million to create a statewide 800 
megahertz digital trunk radio system. As a result, there were no 
interruptions in the system anywhere as the control system in all 
180 towers have their own independent generators. 

I would note a couple of points, however. The state had to issue 
bonds to fund such a large expenditure. The IRS has ruled, how- 
ever, that because these are state bonds, only 5 percent of the 
members of the system can be non-state agencies. We do have a 
number of federal agencies who have radios on the system, includ- 
ing FBI, Bureau of Alcohol, Tobacco and Firearms, and the U.S. 
Forest Service. However, because of that 5 percent, we are limited 
in the degree to which we can request and ask the federal agencies 
to come on that system. Consideration should be given to creation 
of an exception to the IRS bonding restriction to promote interoper- 
ability of communications between state, as well as non-state agen- 
cies. 

I would also like to talk briefly about interdependent infrastruc- 
ture. We had questions from Congressmen Dicks and Lucas about 
the critical infrastructure protection and coming up with systems 
and inventories of those. I would just say that everybody has their 
own list of critical infrastructure protection, but what we need to 
do is have a process whereby those lists are not just inventoried 
and compiled and harmonized, but we need to have a strategic as- 
sessment. 

The Office of Domestic Preparedness has asked the states to do 
that, and we are in the process of doing that. A strategic needs as- 
sessment of the state is to be done no later than December 31. All 
states have to do the same process. At that time I think we will 
have the next step in a critical infrastructure protection that is 
truly a national plan, not just a federal plan or a state plan. 

Lastly, I would just mention the sufficiency of funds for state 
emergency operations centers. In some regards, the Department of 
Homeland Security has done very well in getting us funds for 
equipment and getting those down to the state. However, I would 
note that there was a fiscal year 2002 supplemental appropriation 
for statewide emergency operation center upgrades and modifica- 
tions and we have still not had an answer or received funding on 
that. 

I thank the committee for this opportunity to testify. I welcome 
any questions you have after Mr. Dacey. 

[The statement of Colonel McDaniel follows:] 

PREPARED STATEMENT OF COLONEL MICHAEL C. McDANIEL 

Thank you, Chairman Thornberry, Chairman Camp, and Members of the Com- 
mittee for the opportunity to testify today before your committee. 

My name is Colonel Michael C. McDaniel, and I serve as the Assistant Adjutant 
General for Homeland Security for the Michigan National Guard. As such, I serve 
as the Homeland Security Advisor to Michigan’s Governor, Jennifer M Granholm. 
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Based on my understanding of the focus of this committee’s interests, my nar- 
rative of the events of 1416 August, 2003 will focus on the interdependencies of our 
infrastructure, and the communications between state, local, and federal agencies. 
I will then discuss some of the issues that surfaced during our response to the 
blackout, and potential resolution of them. 

On Thursday, August 14,2003, at approximately 4:15 p.m., a massive power out- 
age struck the Niagara-Mohawk power grid in the Northeast US and Ontario caus- 
ing blackouts from New York to Michigan. Within minutes, much of southeast 
Michigan and mid-Michigan was without power, including the major metropolitan 
areas of Detroit, Ann Arbor, and Lansing. 

Approximately 60 percent of Michigan’s entire population, or more than 2.2 mil- 
lion households, was affected by the outage, requiring state agencies and local gov- 
ernments to utilize extensive emergency protective measures in order to insure their 
health, safety and welfare. 

Collectively, the State of Michigan and local governments expended $20.4 million 
on emergency measures to save lives, protect public health, and prevent damage to 
public and private property. 

The Emergency Management Division of the Michigan State Police began to im- 
mediately monitor conditions in Lansing and around the state, including the state’s 
nuclear power plants. Within minutes, when it was clear that there was a wide- 
spread outage, the state’s Emergency Operations Center (EOC) was formally acti- 
vated, and state agencies began to monitor state and national conditions. 

Below, I will briefly outline some of the major complications from the blackout: 

• In much of southeast and mid-Michigan, the lack of electric power resulted 
in widespread traffic signals not functioning and limited telephone communica- 
tions. Radio and television stations reported broadcasting difficulties, with sev- 
eral small stations not operating at all. 

• Many facilities lacked sufficient alternative energy sources. Portable genera- 
tors were needed at hospitals and other public facilities, including the state 
mental institution. 

• The Fermi II nuclear plant in Monroe County was shut down as a precaution. 
It returned to full power production and was reconnected to the power grid late 
Thursday, 21 August. 

• Marathon Refinery, Michigan’s largest refining facility, lost power and had to 
shut down. One unit did not shut down properly and began venting partially 
processed hydrocarbons. Because of the tank’s location, the city of Melvindale 
(with the assistance of the Michigan State Police) decided to evacuate 30,000 
residents and shut down Interstate 75 for several hours until the situation was 
controlled. The Marathon Refinery was inoperable as a result of the loss of elec- 
tricity and water, and out of production for approximately 10 days. 

• Gas stations were unable to supply peoples’ needs for their cars and portable 
generators, as without electricity the pumps were inoperable. 

• The auto industry was also directly impacted by the loss of power, shutting 
down operations forthe majority of three days. 

• The Ambassador Bridge in Detroit, the busiest commercial landport in the 
United States with 16,000 tractor-trailers crossing daily, was also affected. In- 
terestingly, both the bridge and U.S. Customs had their computers interrupted 
only momentarily until their back-up systems activated. Canadian customs, 
however, lost their computer datalink, and thus their ability to verify trucking 
manifests electronically. As a result they were forced to visually and manually 
inspect the manifests and, if warranted, the freight itself. This resulted in an 
approximately four-mile backup of traffic for almost 24 hours on the U.S. side. 

• Many computer systems were not functioning, including the Law Enforcement 
Information Network (LEIN). 

• Metropolitan Detroit Airport was closed and all flights canceled until mid- 
night on August 14. 

• The Detroit Board of Water and Sewers, oversight board of the nation’s sec- 
ond largest watersystem, reported that its system was not functioning correctly. 
It issued a boiled water advisory for its entire service area. A number of public 
water issues arose from the blackout. First, there is a need for generators and 
for an automatic activation switches for these generators. Second, much of the 
system’s gauges and switches rely on telephone lines, or telemetry, which is 
used to receive information on the system’s capabilities. Last, there was no sys- 
tem to notify all of the customers of the boiled water advisory, as notification 
was dependent on the public media. It became clear, on the morning of August 
15, that the largest problem was the lack of potable water. Public and private 
entities delivered hundreds of thousands of gallons of water to those affected 
sites, but a boiled water advisory was not lifted until Monday, August 18. 



152 


The State’s Response 

As of 6:00 p.m., Governor Granholm and her senior staff had reported to the state 
Emergency Operations Center (EOC). The Governor had been briefed by the Emer- 
gency Management Division of the Michigan State Police (MSP), and all state agen- 
cy representatives, and she first advised the citizens of conditions and our efforts 
via public media, at approximately 10:00 p.m. The MSP had positioned 50 state 
troopers on stand-by for mobilization, if needed to maintain order in blackout areas. 
Little to no looting was reported, and crime rates were at or below average. The 
Michigan National Guard also had troopers ready on stand-by. 

I would note that the Governor spoke with Department of Homeland (DHS) Sec- 
retary Tom Ridge approximately one hour after the blackout began. As the dimen- 
sions of the emergency became clear, the federal DHS called every hour for brief- 
ings. 

The State of Michigan has always had a great working relationship with FEMA 
Region V, and this working relationship was very evident during this emergency. 
Region V had activated their Regional Operating Center (ROC), and was in close 
and constant telephone contact. A FEMA representative was also present and work- 
ing from the State EOC, from August 15 onward. 

The state of emergency was not rescinded until August 22, 2003. 

Emergency Protective Measures Reimbursement 

On August 27,2003 the State applied to FEMA for federal reimbursement under 
the Stafford Act’ for actions taken by local or state agencies to remove or reduce 
immediate threats to public health, safety, welfare, or private property when those 
measures are used in the public interest. As of September 15, we have not received 
any response from FEMA. This is not an inordinately long period of time, but Michi- 
gan and other states are watching to see if the placement of FEMA within the 
Emergency 

Preparedness and Response Directorate (EP&R) of DHS will prolong the applica- 
tion process. I would note that the Undersecretary for EP&R has assured the state 
emergency management directors that it will not. 

Lessons Learned 

In Michigan, we are monitoring, investigating, or resolving the following issues: 

(A) Communications between federal and state agencies. There was full and 
robust communication between the appropriate federal and state agencies. DHS and 
FEMA were in regular, consistent contact with the State EOC. The State Depart- 
ment of Environmental Quality, Public Service Commission and National Guard 
were communicating with the Environmental Protection Agency, the Department of 
Energy, and the National Guard Bureau, respectively. Two suggestions for improve- 
ment, however, can be made. First, the reports given to DHS and FEMA Region V 
were redundant information. While the “operations tempo” of the emergency re- 
sponse was such that this was not a hindrance, this redundancy should be elimi- 
nated as the reorganization of federal agencies within DHS is completed. Second, 
all communication was by telephone or facsimile machine. Given the intermittent 
outages of commercial telephone service elsewhere in the state, a backup system 
needs to be instituted that is not reliant on commercial lines. I would note that 
there is a wireless system between FEMA Region V and the State EOC. Perhaps 
this capability can be expanded. 

(B) Communications between state agencies and between state and local 
agencies. Internal communications, both within a state agency and between em- 
ployees of the state and a local agency, worked flawlessly. The State of Michigan, 
over the last 12 years has spent in excess of $220 million to create a statewide 800 
Mhz digital trunk radio system. It is the believed to be the largest radio system, 
in terms of land mass covered, in the nation that meets APSCO 25 (Association of 
Public Safety Communications Officials) standards. This system provides full inter- 
operability, of course, as all members are on the same system. There are at the 
present time 374 different public agencies which use the Michigan Public Safety 
Communication System as their primary radio communications, and another 90 
agencies that use the system for emergency management purposes only. The mem- 
ber agencies include all state agencies, as well as counties, townships, tribes, and 
federal agencies (the FBI, U.S. Customs, Bureau of A TF and Forest Service). There 
are currently more than 11,000 radios on the system. 

There were no interruptions to the system anywhere during the blackout because 
the control center and all antennae have independent generators. Four of the five 
counties as well as many municipalities within those counties in the declared emer- 
gency area are now considering joining the Michigan Public Safety Communications 
System. 
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During FY 2003 the DHS administered an equipment grant program to promote 
interoperable communications between local governmental agencies. The states ex- 
pect to learn the grant recipients and amounts awarded in the near future. This 
program, by providing a specific financial incentive to pursue interoperability, has 
been well-received by the States. This program and its results should be monitored 
closely and considered for potential expansion. 

Because the state had to issue bonds to fund such a large expenditure, the Inter- 
nal Revenue Service (IRS) has ruled that with state bonds only 5 percent of the 
members of the system can be non-state entities, or, in this case, federal or tribal 
members. While far less than 5 percent of the radios on the system are used by fed- 
eral agencies, true interoperability compels their participation on the system. We 
need to find means to encourage federal participation on the MPSCS, thus consider- 
ation should be given to creation of an exception to the IRS bonding restriction to 
promote interoperability of communications between state and non-state agencies. 

(C) Interdependent Infrastructure. The above narrative illustrates the ripple ef- 
fect of an impact on one sector for the rest of the nation’s infrastructure. The facili- 
ties, systems, and functions that comprise our critical infrastructures are highly so- 
phisticated and complex. We are only now beginning to study the degree that our 
systems work together in processes that are highly interdependent. In one oft-cited 
example, e-commerce depends on electricity as well as information and communica- 
tions. Assuring electric service requires operational transportation and distribution 
systems to guarantee the delivery of fuel necessary to generate power. Such inter- 
dependencies have developed over time and are the product of operational processes 
that have fueled unprecedented efficiency and productivity. 

Given the dynamic nature of the systems, we need not only to model but also a 
concerted, joint state/federal effort to identify and prioritize not just the systems, 
but their critical components, their interdependencies, and the state and federal 
agencies that both regulate and rely on them. In the past, different state and federal 
agencies have inventories and prioritized the critical infrastructure. This process is 
ongoing, it is a vital step for every operational plan for protection and security, and 
those priority lists are driving our efforts. 

(D) Sufficiency of funds for state Emergency Operations Centers. Defi- 
ciencies in the state Emergency Operations Center become obvious after spending 
36 straight hours there. The FY 2002 Supplemental Appropriation provided approxi- 
mately $51 million nationwide specifically for Emergency Operation Center up- 
grades and modifications. This amount is insufficient to properly upgrade the Emer- 
gency Operations Center for every state and territory. For example the State of 
Michigan had requested $9.5 million for this purpose, which would include all de- 
sign, engineering, construction, and project management costs for the State EOC, 
and an alternate EOC in the metro Detroit area. A decision on the grants is long 
overdue, particularly considering that some state, somewhere in the nation, is facing 
an emergency, albeit usually natural emergencies, such as floods, fires and hurri- 
canes, almost every day. 

I thank the Committee for the opportunity to testify, and I welcome any questions 
you may have. 

Mr. Sessions. Colonel McDaniel, thank you so much. Your re- 
quest to us concerning the tax implications will be not only ac- 
knowledged by this committee, but we will also provide you back 
in writing what we intend to do as far as referring that. We have 
several members, including the gentlewoman from Washington, 
who sit on the Ways and Means Committee and would be able to 
address that properly. 

Thank you so much. 

Director Dacey, you are recognized. 

STATEMENT OF MR. ROBERT DACEY, DIRECTOR, 

INFORMATION SECURITY, GENERAL ACCOUNTING OFFICE 

Mr. Dacey. Chairman Sessions, Chairman Camp, and members 
of the subcommittee, I am pleased to be here today to discuss the 
Department of Homeland Security’s information- sharing respon- 
sibilities, particularly as they relate to critical infrastructure pro- 
tection, or CIP, and the challenges and key management issues 



154 


that the department faces in implementing those responsibilities. 
As you requested, I will briefly summarize my written statement. 

The Homeland Security Act of 2002 brought together 22 diverse 
organizations and created a new Cabinet-level department to help 
prevent terrorist attacks against the United States, reduce the vul- 
nerability to terrorist attacks, and minimize damage and assist in 
recovery from attacks if they should occur. Achieving the complex 
mission of the department will require the ability to effectively 
share a variety of information among its own entities and with 
other federal agencies, state and local governments, the private 
sector and others. 

For example, the department will need to be able to access, re- 
ceive and analyze law enforcement information, intelligence infor- 
mation and other threat incident and vulnerability information 
from federal and non-federal sources; to administer the Homeland 
Security Advisory System and provide specific warning information 
and advice on appropriate protective measures and counter- 
measures; to share information both internally and externally with 
agencies in law enforcement on such things as goods and pas- 
sengers in- bound to the United States and individuals who are 
known or suspected terrorists or criminals; and to share informa- 
tion among emergency responders in preparing for and responding 
to terrorist attacks and other emergencies. 

GAO has made numerous recommendations over the last several 
years related to information-sharing functions that have been 
transferred to the Department of Homeland Security. A number of 
actions have been taken or are underway to improve information- 
sharing, such as the department’s recent announcement of the cre- 
ation of the U.S. Computer Emergency Response Team, or CERT, 
to provide in part a coordination center that links public and pri- 
vate response capabilities. 

However, further efforts are needed to address several informa- 
tion-sharing challenges concerning the government’s CIP efforts. 
These challenges include developing a comprehensive and coordi- 
nated national CIP plan to facilitate information-sharing that 
clearly delineates the roles and responsibilities of federal and non- 
federal entities, defines interim objectives and milestones, sets time 
frames for achieving them and establishes performance measures. 

Two, developing fully productive information-sharing relation- 
ships within the federal government and between the federal gov- 
ernment and the state and local governments, the private sector 
and others. 

Three, improving the federal government’s capabilities to analyze 
incident, threat and vulnerability information and share appro- 
priate, timely and useful warnings and other information con- 
cerning cyber and physical threats. 

And four, providing appropriate incentives for non- federal enti- 
ties to increase information sharing with the federal government 
and to enhance other CIP efforts. 

Success of homeland security also relies on establishing effective 
systems and processes within the department to facilitate informa- 
tion-sharing. Through our prior work we have identified several 
critical success factors and other key management issues that the 
department should consider as it establishes systems and processes 
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for information sharing. For example, the department should con- 
tinue its efforts to develop and implement an enterprise architec- 
ture to integrate the many existing systems and processes required 
to support its mission and to guide the department’s investments 
in new systems to effectively support homeland security in the 
coming years. 

Two, to implement effective system acquisition and investment 
management processes to appropriately select, control and evaluate 
IT projects. And third, to implement effective information security 
to protect the sensitive information that the department maintains 
and to develop secure, available communication networks to safely 
transmit information. 

Other key management issues include developing a performance 
focus, integrating staff from different organizations and ensuring 
the department has properly skilled staff. 

Mr. Chairman, this concludes my statement. I would be happy 
to answer any questions that you have. 

[The statement of Mr. Dacey follows:] 

PREPARED STATEMENT OF MR. ROBERT F. DACEY, DIRECTOR, 
INFORMATION SECURITY, GENERAL ACCOUNTING OFFICE 

INFORMATION SHARING RESPONSIBILITIES, CHALLENGES, AND KEY 
MANANGEMENT ISSUES 

Messrs. Chairmen and Members of the Subcommittees: 

I am pleased to be here today to discuss the challenges that the Department of 
Homeland Security (DHS ) faces in integrating its information gathering and sharing 
functions, particularly as they relate to fulfilling its critical infrastructure protection 
(CIP) responsibilities. CIP involves activities that enhance the security of the cyber 
and physical public and private infrastructures that are essential to our national se- 
curity, national economic security, and/or national public health and safety. The 
Homeland Security Act of 2002 brought together 22 diverse organizations and cre- 
ated DHS to help prevent terrorist attacks in the United States, reduce the vulner- 
ability of the United States to terrorist attacks, and minimize damage and assist 
in recovery from attacks that do occur. To accomplish this mission, the act estab- 
lished specific homeland security and CIP responsibilities for the department and 
directed it to coordinate its efforts and share information among its own entities and 
with other federal agencies, state and local governments, the private sector, and oth- 
ers. 

In my testimony today, I will summarize our analysis of information sharing as 
an integral part of fulfilling DHS’s mission and CIP responsibilities. I will then dis- 
cuss our related prior analyses and recommendations for improving the federal gov- 
ernment’s information sharing efforts. Last, I will discuss the key management 
issues that DHS should consider in developing and implementing effective informa- 
tion sharing processes and systems. 

In preparing this testimony, we relied on prior GAO reports and testimonies on 
combating terrorism, critical infrastructure protection (CIP), homeland security, in- 
formation sharing, information technology (IT), and national preparedness, among 
others. These prior reports and testimonies included our review and analysis of the 
National Strategy for Homeland Security, the National Strategy to Secure Cyber- 
space, the National Strategy for the Physical Protection of Critical Infrastructures 
and Key Assets, the National Strategy for Combating Terrorism, 1 the Homeland Se- 
curity Act of 2002, 2 and other relevant federal policies. Our work for today’s testi- 
mony was performed in September 2003 in accordance with generally accepted gov- 
ernment auditing standards. 


1 The White House, The National Strategy for Homeland Security (Washington, D.C.: July 
2002); The National Strategy to Secure Cyberspace (Washington, D.C.: February 2003); The Na- 
tional Strategy for the Physical Protection of Critical Infrastructures and Key Assets (Wash- 
ington, D.C.: February 2003); and The National Strategy for Combating Terrorism (Washington, 
D.C.: February 2003). 

2 Public Law 107-296. 
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Results in Brief 

The Homeland Security Act of 2002 and other federal policy, including the National 
Strategy for Homeland Security, assign responsibilities to DHS for coordinating and 
sharing information related to threats of domestic terrorism, within the department 
and with and between other federal agencies, state and local governments, the pri- 
vate sector, and other entities. For example, to accomplish its missions, the new de- 
partment must (1) access, receive, and analyze law enforcement information, intel- 
ligence information, and other threat, incident, and vulnerability information from 
federal and nonfederal sources; (2) analyze this information to identify and assess 
the nature and scope of terrorist threats; and (3) administer the Homeland Security 
Advisory System and provide specific warning information and advice on appro- 
priate protective measures and countermeasures. Further, DHS must share infor- 
mation both internally and externally with agencies and law enforcement on such 
things as goods and passengers inbound to the United States and individuals who 
are known or suspected terrorists and criminals. It also must share information 
among emergency responders in preparing for and responding to terrorist attacks 
and other emergencies. 

We have made numerous recommendations over the last several years related to in- 
formation sharing functions that have been transferred to DHS. One significant 
area concerns the federal government’s CIP efforts, which is focused on the sharing 
of information on incidents, threats, and vulnerabilities, and the providing of warn- 
ings related to critical infrastructures both within the federal government and be- 
tween the federal government and state and local governments and the private sec- 
tor. Although improvements have been made, further efforts are needed to address 
the following critical CIP challenges: 

• developing a comprehensive and coordinated national plan to facilitate CIP infor- 
mation sharing that clearly delineates the roles and responsibilities of federal and 
nonfederal CIP entities, defines interim objectives and milestones, sets timeframes 
for achieving objectives, and establishes performance measures; 

• developing fully productive information sharing relationships within the federal 
government and between the federal government and state and local governments 
and the private sector; 

• improving the federal government’s capabilities to analyze incident, threat, and 
vulnerability information obtained from numerous sources and share appropriate, 
timely, useful warnings and other information concerning both cyber and physical 
threats to federal entities, state and local governments, and the private sector; and 

• providing appropriate incentives for nonfederal entities to increase information 
sharing with the federal government and enhance other CIP efforts. 

In addition, we recently identified challenges in consolidating and standardizing 
watch list structures and policies, which are essential to effectively sharing informa- 
tion on suspected terrorists and criminals. 3 

The success of homeland security also relies on establishing effective systems and 
processes to facilitate information sharing among and between government entities 
and the private sector. Through our prior work, we have identified critical success 
factors and other key management issues that DHS should consider as it establishes 
systems and processes to facilitate information sharing among and between govern- 
ment entities and the private sector. These success factors include establishing trust 
relationships with a wide variety of federal and nonfederal entities that may be in 
a position to provide potentially useful information and advice on vulnerabilities and 
incidents. As part of its information technology management, DHS should continue 
to develop and implement an enterprise architecture to integrate the many existing 
systems and processes required to support its mission and to guide the department’s 
investments in new systems to effectively support homeland security in the coming 
years. Other key management issues include ensuring that sensitive information is 
secured, developing secure communications networks, integrating staff from dif- 
ferent organizations, and ensuring that the department has properly skilled staff. 

Information Sharing Is Integral to Fulfilling DHS’s Mission 

With the terrorist attacks of September 2001, the threat of terrorism rose to the top 
of the country’s national security and law enforcement agendas. As stated by the 
President in his National Strategy for Homeland Security in July 2002, our nation’s 
terrorist enemies are constantly seeking new tactics or unexpected ways to carry out 


3 Watch lists are automated databases that contain various types of data on individuals, from 
biographical data — such as a person’s name and date of birth — to biometric data such as finger- 
prints. 
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their attacks and magnify their effects, such as working to obtain chemical, biologi- 
cal, radiological, and nuclear weapons. In addition, terrorists are gaining expertise 
in less traditional means, such as cyber attacks. In response to these growing 
threats, Congress passed and the President signed the Homeland Security Act of 
2002 creating the DHS. The overall mission of this new cabinet-level department 
includes preventing terrorist attacks in the United States, reducing the vulner- 
ability of the United States to terrorist attacks, and minimizing damage and assist- 
ing in recovery from attacks that do occur. To accomplish this mission, the act es- 
tablished specific homeland security responsibilities for the department and directed 
it to coordinate its efforts and share information within DHS and with other federal 
agencies, state and local governments, the private sector, and other entities. This 
information sharing is critical to successfully addressing increasing threats and ful- 
filling the mission of DHS. 

Threats, Incidents, and the Consequences of Potential Attacks Are Increas- 
ing 

DHS’s responsibilities include the protection of our nation’s publicly and privately 
controlled resources essential to the minimal operations of the economy and govern- 
ment against the risks of physical as well as computer-based or cyber attacks. Over 
the last decade, physical and cyber events, as well as related analyses by various 
entities, have demonstrated the increasing threat to the United States. 

With the coordinated terrorist attacks against the World Trade Center in New 
York City and the Pentagon in Washington, D.C., on September 11, 2001, the threat 
of terrorism rose to the top of the country’s national security and law enforcement 
agendas. Even before these catastrophic incidents, the threat of attacks against peo- 
ple, property, and infrastructures had increased concerns about terrorism. The ter- 
rorist bombings in 1993 of the World Trade Center in New York City and in 1995 
of the Alfred P. Murrah Federal Building in Oklahoma City, which killed 168 people 
and wounded hundreds of others, prompted increased emphasis on the need to 
strengthen and coordinate the federal government’s ability to effectively combat ter- 
rorism domestically. The 1995 Aum Shinrikyo sarin nerve agent attack in the Tokyo 
subway system also raised new concerns about U.S. preparedness to combat ter- 
rorist incidents involving weapons of mass destruction. 4 However, as clearly dem- 
onstrated by the September 11, 2001, incidents, a terrorist attack would not have 
to fit the definition of weapons of mass destruction to result in mass casualties, de- 
struction of critical infrastructures, economic losses, and disruption of daily life na- 
tionwide. 

U.S. intelligence and law enforcement communities continuously assess both foreign 
and domestic terrorist threats to the United States. Table 1 summarizes key phys- 
ical threats to homeland security. 

Table 1: Physical Threats to Homeland Security 


Threat 

Description 

Chemical weapons 

Chemical weapons are extremely lethal and capable of producing tens of 
thousands of casualties. They are also relatively easy to manufacture, 
using basic equipment, trained personnel, and precursor materials that 
often have legitimate dual uses. As the 1995 Tokyo subway attack re- 
vealed, even sophisticated nerve agents are within the reach of terrorist 
groups. 

Biological weapons 

Biological weapons, which release large quantities of living, disease-caus- 
ing microorganisms, have extraordinary lethal potential. Like chemical 
weapons, biological weapons are relatively easy to manufacture, requiring 
straightforward technical skills, basic equipment, and a seed stock of 
pathogenic microorganisms. Biological weapons are especially dangerous 
because we may not know immediately that we have been attacked, al- 
lowing an infectious agent time to spread. Moreover, biological agents 
can serve as a means of attack against humans as well as livestock 
and crops, inflicting casualties as well as economic damage. 


4 A weapon of mass destruction is a chemical, biological, radiological, or nuclear agent or 
weapon. 
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Table 1: Physical Threats to Homeland Security — Continued 


Threat 

Description 

Radiological weapons 

Radiological weapons, or “dirty bombs,” combine radioactive material with 
conventional explosives. The individuals and groups engaged in terrorist 
activity can cause widespread disruption and fear, particularly in heavily 
populated areas. 

Nuclear weapons 

Nuclear weapons have enormous destructive potential. Terrorists who seek 
to develop a nuclear weapon must overcome two formidable challenges. 
First, acquiring or refining a sufficient quantity of fissile material is very 
difficult — though not impossible. Second, manufacturing a workable 
weapon requires a very high degree of technical capability — though ter- 
rorists could feasibly assemble the simplest type of nuclear device. To 
get around these significant though not insurmountable challenges, ter- 
rorists could seek to steal or purchase a nuclear weapon. 

Conventional means 

Terrorists, both domestic and international, continue to use traditional 
methods of violence and destruction to inflict harm and spread fear. 
They have used knives, guns, and bombs to kill the innocent. They have 
taken hostages and spread propaganda. Given the low expense, ready 
availability of materials, and relatively high chance for successful execu- 
tion, terrorists will continue to make use of conventional attacks. 


Source: National Strategy for Homeland Security 


In addition to these physical threats, terrorists and others with malicious intent, 
such as transnational criminals and intelligence services, pose a threat to our na- 
tion’s computer systems. As dramatic increases in computer interconnectivity, espe- 
cially in the use of the Internet, continue to revolutionize the way much of the world 
communicate and conducts business, this widespread interconnectivity also poses 
significant risks to the government’s and our nation’s computer systems and, more 
importantly, to the critical operations and infrastructures they support. For exam- 
ple, telecommunications, power distribution, water supply, public health services, 
national defense (including the military’s warfighting capability), law enforcement, 
government services, and emergency services all depend on the security of their 
computer operations. If not properly controlled, the speed and accessibility that cre- 
ate the enormous benefits of the computer age also allow individuals and organiza- 
tions to inexpensively eavesdrop on or interfere with these operations from remote 
locations for mischievous or malicious purposes. 

Government officials are increasingly concerned about cyber attacks from individ- 
uals and groups with malicious intent, such as crime, terrorism, foreign intelligence 
gathering, and acts of war. According to the FBI, terrorists, transnational criminals, 
and intelligence services are quickly becoming aware of and are using information 
exploitation tools such as computer viruses, Trojan horses, worms, logic bombs, and 
eavesdropping sniffers that can destroy, intercept, degrade the integrity of, or deny 
access to data . 5 In addition, the disgruntled organization insider is a significant 
threat, since these individuals often have knowledge that allows them to gain unre- 
stricted access and inflict damage or steal assets without possessing a great deal 
of knowledge about computer intrusions. As greater amounts of money are trans- 
ferred through computer systems, as more sensitive economic and commercial infor- 
mation is exchanged electronically, and as the nation’s defense and intelligence com- 
munities increasingly rely on commercially available IT, the likelihood increases 


5 Virus: a program that “infects” computer flies, usually executable programs, by inserting a 
copy of itself into the file. These copies are usually executed when the “infected” file is loaded 
into memory, allowing the virus to infect other files. Unlike the computer worm, a virus requires 
human involvement (usually unwitting) to propagate. Trojan horse: a computer program that 
conceals harmful code. A Trojan horse usually masquerades as a useful program that a user 
would wish to execute. Worm: an independent computer program that reproduces by copying 
itself from one system to another across a network. Unlike computer viruses, worms do not re- 
quire human involvement to propagate. Logic bomb: in programming, a form of sabotage in 
which a programmer inserts code that causes the program to perform a destructive action when 
some triggering event occurs, such as terminating the programmer’s employment. Sniffer: syn- 
onymous with packet sniffer. A program that intercepts routed data and examines each packet 
in search of specified information, such as passwords transmitted in clear text. 



159 


that cyber attacks will threaten vital national interests. Table 2 summarizes the key 
cyber threats to our infrastructure. 

Table 2: Cyber Threats to Critical Infrastructure Observed by the FBI 


Threat 

Description 

Criminal groups 

There is an increased use of cyber intrusions by criminal groups who 
attack systems for purposes of monetary gain. 

Foreign intelligence services 

Foreign intelligence services use cyber tools as part of their information 
gathering and espionage activities. 

Hackers 

Hackers sometimes crack into networks for the thrill of the challenge or 
for bragging rights in the hacker community. While remote cracking 
once required a fair amount of skill or computer knowledge, hackers 
can now download attack scripts and protocols from the Internet and 
launch them against victim sites. Thus, while attack tools have be- 
come more sophisticated, they have also become easier to use. 

Hacktivists 

Hacktivism refers to politically motivated attacks on publicly accessible 
Web pages or e-mail servers. These groups and individuals overload 
e-mail servers and hack into Web sites to send a political message. 

Information warfare 

Several nations are aggressively working to develop information warfare 
doctrine, programs, and capabilities. Such capabilities enable a sin- 
gle entity to have a significant and serious impact by disrupting the 
supply, communications, and economic infrastructures that support 
military power — impacts that, according to the Director of Central 
Intelligence, 3 can affect the daily lives of Americans across the 
country. 

Insider threat 

The disgruntled organization insider is a principal source of computer 
crimes. Insiders may not need a great deal of knowledge about com- 
puter intrusions because their knowledge of a victim system often al- 
lows them to gain unrestricted access to cause damage to the sys- 
tem or to steal system data. 

Virus writers 

Virus writers are posing an increasingly serious threat. Several destruc- 
tive computer viruses and “worms” have harmed files and hard 
drives, including the Melissa Macro Virus, the Explore. Zip worm, the 
CIH (Chernobyl) Virus, Nimda, and Code Red. 


Source: Federal Bureau of Investigation unless otherwise indicated. 

a Prepared Statement of George J. Tenet, Director of Central Intelligence, before the Senate Select 
Committee on Intelligence, Feb. 2, 2000. 


As the number of individuals with computer skills has increased, more intrusion or 
“hacking” tools have become readily available and relatively easy to use. A hacker 
can literally download tools from the Internet and “point and click” to start an at- 
tack. Experts also agree that there has been a steady advance in the sophistication 
and effectiveness of attack technology. Intruders quickly develop attacks to exploit 
vulnerabilities discovered in products, use these attacks to compromise computers, 
and share them with other attackers. In addition, they can combine these attacks 
with other forms of technology to develop programs that automatically scan the net- 
work for vulnerable systems, attack them, compromise them, and use them to 
spread the attack even further. 

Along with these increasing threats, the number of computer security incidents re- 
ported to the CERT® Coordination Center 6 has also risen dramatically from just 
under 10,000 in 1999 to about 82,000 in 2002, and to over 76,000 for the first and 
second quarters of 2003. And these are only the reported attacks. The Director of 
CERT Centers stated that he estimates that as much as 80 percent of actual secu- 
rity incidents goes unreported, in most cases because (1) the organization was un- 


6 The CERT® Coordination Center (CERT® CC) is a center of Internet security expertise at 
the Software Engineering Institute, a federally funded research and development center oper- 
ated by Carnegie Mellon University. 
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able to recognize that its systems had been penetrated or there were no indications 
of penetration or attack or (2) the organization was reluctant to report. Figure 1 
shows the number of incidents reported to the CERT Coordination Center from 1995 
through the first half of 2003. 


Figure 1: Information Security Incidents Reported to Camegie-Mellon's CERT 
Coordination Center from 1995 through the First Half of 2003 
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Source: GAO analysis based on Camegi e-Melton University’s CERT!i)Coocdmauon Center data. 

According to the National Security Agency, foreign governments already have or are 
developing computer attack capabilities, and potential adversaries are developing a 
body of knowledge about U.S. systems and methods to attack these systems. Since 
the terrorist attacks of September 11, 2001, warnings of the potential for terrorist 
cyber attacks against our critical infrastructures have also increased. For example, 
in February 2002, the threat to these infrastructures was highlighted by the Special 
Advisor to the President for Cyberspace Security in a Senate briefing when he stat- 
ed that although to date none of the traditional terrorists groups, such as al Qaeda, 
have used the Internet to launch a known assault on the United States’ infrastruc- 
ture, information on water systems was discovered on computers found in al Qaeda 
camps in Afghanistan. 7 Also, in his February 2002 statement for the Senate Select 
Committee on Intelligence, the director of central intelligence discussed the possi- 
bility of cyber warfare attack by terrorists. 8 He stated that the September 11 at- 
tacks demonstrated the nation’s dependence on critical infrastructure systems that 
rely on electronic and computer networks. Further, he noted that attacks of this na- 
ture would become an increasingly viable option for terrorists as they and other for- 
eign adversaries become more familiar with these targets and the technologies re- 
quired to attack them. 

Since September 11, 2001, the critical link between cyberspace and physical space 
has also been increasingly recognized. In his November 2002 congressional testi- 
mony, the Director, CERT Centers at Carnegie-Mellon University, noted that super- 
visory control and data acquisition (SCADA) systems and other forms of networked 
computer systems have been used for years to control power grids, gas and oil dis- 
tribution pipelines, water treatment and distribution systems, hydroelectric and 
flood control dams, oil and chemical refineries, and other physical systems, and that 
these control systems are increasingly being connected to communications links and 
networks to reduce operational costs by supporting remote maintenance, remote 
control, and remote update functions. 9 These computer-controlled and network-con- 
nected systems are potential targets for individuals bent on causing massive disrup- 


7 “Administrative Oversight: Are We Ready for A Cyber Terror Attack?” Testimony before the 
Senate Committee on the Judiciary, Subcommittee on Administrative Oversight and the Courts, 
by Richard A. Clarke, Special Advisor to the President for Cyberspace Security and Chairman 
of the President’s Critical Infrastructure Protection Board (Feb. 13, 2002). 

8 Testimony of George J. Tenet, Director of Central Intelligence, before the Senate Select Com- 
mittee on Intelligence, Feb. 6, 2002. 

9 Testimony of Richard D. Pethia, Director, CERT Centers, Software Engineering Institute, 
Carnegie Mellon University, before the House Committee on Government Reform, Subcommittee 
on Government Efficiency, Financial Management and Intergovernmental Relations, Nov. 19, 
2002 . 
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tion and physical damage, and the use of commercial, off-the-shelf technologies for 
these systems without adequate security enhancements can significantly limit avail- 
able approaches to protection and may increase the number of potential attackers. 
Not only is the cyber protection of our critical infrastructures important in and of 
itself, but a physical attack in conjunction with a cyber attack has also been high- 
lighted as a major concern. In fact, the National Infrastructure Protection Center 
(NIPC) has stated that the potential for compound cyber and physical attacks, re- 
ferred to as “swarming attacks,” is an emerging threat to the U.S. critical infra- 
structure. 10 As NIPC reports, the effects of a swarming attack include slowing or 
complicating the response to a physical attack. For example, cyber attacks can be 
used to delay the notification of emergency services and to deny the resources need- 
ed to manage the consequences of a physical attack. In addition, a swarming attack 
could be used to worsen the effects of a physical attack. For example, a cyber attack 
on a natural gas distribution pipeline that opens safety valves and releases fuels 
or gas in the area of a planned physical attack could enhance the force of the phys- 
ical attack. 


Information Sharing is Critical to Meeting DHS’s Mission 

As our government and our nation has become ever more reliant on interconnected 
computer systems to support critical operations and infrastructures and as physical 
and cyber threats and potential attack consequences have increased, the importance 
of sharing information and coordinating the response to threats among stakeholders 
has increased. Information sharing and coordination among organizations are cen- 
tral to producing comprehensive and practical approaches and solutions to com- 
bating threats. For example, having information on threats and on actual incidents 
experienced by others can help an organization identify trends, better understand 
the risk it faces, and determine what preventive measures should be implemented. 
In addition, comprehensive, timely information on incidents can help federal and 
nonfederal analysis centers determine the nature of an attack, provide warnings, 
and advise on how to mitigate an imminent attack. Also, sharing information on ter- 
rorists and criminals can Help to secure our nation’s borders. 

The Homeland Security Act of 2002 created DHS with the primary responsibility 
of preventing terrorist attacks in the United States, reducing the vulnerability of 
the United States to terrorist attacks, and minimizing damage and assisting in re- 
covery from attacks that do occur. To help DHS accomplish its mission, the act es- 
tablishes, among other entities, five under secretaries with responsibility over direc- 
torates for management, science and technology, information analysis and infra- 
structure protection, border and transportation security, and emergency prepared- 
ness and response. 

As part of DHS’s responsibilities, the act includes several provisions specifically re- 
lated to coordinating and sharing information within the department and among 
other federal agencies, state and local governments, the private sector, and other en- 
tities. It also includes provisions for protecting CIP information shared by the pri- 
vate sector and for sharing different types of information, such as grand jury and 
intelligence information. Other DHS responsibilities related to information sharing 
include 

• requesting and receiving information from other federal agencies, state and local 
government agencies, and the private sector relating to threats of terrorism in the 
United States; 

• distributing or, as appropriate, coordinating the distribution of warnings and in- 
formation with other federal agencies, state and local governments and authorities, 
and the public; 

• creating and fostering communications with the private sector; 

• promoting existing public/private partnerships and developing new public/private 
partnerships to provide for collaboration and mutual support; and 

• coordinating and, as appropriate, consolidating the federal government’s commu- 
nications and systems of communications relating to homeland security with state 
and local governments and authorities, the private sector, other entities, and the 
public. 

Each DHS directorate is responsible for coordinating relevant efforts with other fed- 
eral, state, and local governments. The act also established the Office for State and 
Local Government Coordination to, among other things, provide state and local gov- 
ernments with regular information, research, and technical support to assist tKem 
in securing the nation. Further, the act included provisions as the “Homeland Secu- 


10 National Infrastructure Protection Center, Swarming Attacks: Infrastructure Attacks for De- 
struction and Disruption (Washington, D.C.: July 2002). 
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rity Information Sharing Act” that requires the President to prescribe and imple- 
ment procedures for facilitating homeland security information sharing and estab- 
lishes authorities to share different types of information, such as grand jury infor- 
mation; electronic, wire, and oral interception information; and foreign intelligence 
information. In July 2003, the President assigned these functions to the Secretary 
of Homeland Security. 11 

The following sections illustrate how DHS will require successful information shar- 
ing within the department and between federal agencies, state and local govern- 
ments, and the private sector to effectively carry out its mission. 

Information Analysis and Infrastructure Protection Directorate 

The Information Analysis and Infrastructure Protection Directorate (IAIP) is re- 
sponsible for accessing, receiving, and analyzing law enforcement information, intel- 
ligence information, and other threat and incident information from respective agen- 
cies of federal, state, and local governments and the private sector, and for com- 
bining and analyzing such information to identify and assess the nature and scope 
of terrorist threats. IAIP is also tasked with coordinating with other federal agen- 
cies to administer the Homeland Security Advisory System to provide specific warn- 
ing information along with advice on appropriate protective measures and counter- 
measures. 12 Further, IAIP is responsible for disseminating, as appropriate, informa- 
tion analyzed by DHS within the department, to other federal agencies, to state and 
local government agencies, and to private-sector entities. 

The Homeland Security Act of 2002 makes DHS and its IAIP directorate also re- 
sponsible for key CIP functions for the federal government. CIP involves activities 
that enhance the security of our nation’s cyber and physical public and private in- 
frastructure that are critical to national security, national economic security, and/ 
or national public health and safety. Information sharing is a key element of these 
activities. Over 80 percent of our nation’s critical infrastructures are controlled by 
the private sector. As part of its CIP responsibilities, IAIP is responsible for 

(1) developing a comprehensive national plan for securing the key resources and 
critical infrastructure of the United States and 

(2) recommending measures to protect the key resources and critical infrastructure 
of the United States in coordination with other federal agencies and in cooperation 
with state and local government agencies and authorities, the private sector, and 
other entities. 

Federal CIP policy has continued to evolve since the mid-1990s through a variety 
of working groups, special reports, executive orders, strategies, and organizations. 
In particular, Presidential Decision Directive 63 (PDD 63) issued in 1998 estab- 
lished CIP as a national goal and described a strategy for cooperative efforts by gov- 
ernment and the private sector to protect the physical and cyber-based systems es- 
sential to the minimum operations of the economy and the government. To accom- 
plish its goals, PDD 63 established and designated organizations to provide central 
coordination and support. These included the Critical Infrastructure Assurance Of- 
fice (CIAO), an interagency office established to develop a national plan for CIP, and 
NIPC, which was expanded to address national-level threat assessment, warning, 
vulnerability, and law enforcement investigation/response. The Homeland Security 
Act of 2002 transferred these and certain other CIP entities and their functions 
(other than the Computer Investigations and Operations Section of NIPC ) to DHS’s 
IAIP directorate. 

Federal CIP policy, beginning with PDD 63 and reinforced through other strategy 
documents, including the National Strategy for Homeland Security issued in July 
2002, called for a range of activities intended to establish a partnership between the 
public and private sectors to ensure the security of our nation’s critical infrastruc- 
tures. To ensure coverage of critical infrastructure sectors, this policy identified in- 
frastructure sectors that were essential to our national security, national economic 
security, and/or national public health and safety. For these sectors, which now total 
14, federal government leads (sector liaisons) and private-sector leads (sector coordi- 
nators) were to work with each other to address problems related to CIP for their 
sector. In particular, they were to (1) develop and implement vulnerability aware- 
ness and education programs and (2) contribute to a sectoral plan by 
• assessing the vulnerabilities of the sector to cyber or physical attacks; 


11 The White House, Executive Order 13311 — Homeland Security Information Sharing (Wash- 
ington, D.C.: Jul. 29, 2003). 

12 The Homeland Security Advisory System uses five levels (Severe, High, Elevated, Guarded, 
and Low) to inform federal, state, and local government agencies and authorities, the private 
sector, and the public of the nation’s terrorist threat conditions. 
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• recommending a plan to eliminate significant vulnerabilities; 

• proposing a system for identifying and preventing major attacks; and 

• developing a plan for alerting, containing, and rebuffing an attack in progress and 
then, in coordination with the Federal Emergency Management Agency as appro- 
priate, rapidly reconstituting minimum essential capabilities in the aftermath of an 
attack. 

CIP policy also called for sector liaisons to identify and assess economic incentives 
to encourage the desired sector behavior in CIP. Federal grant programs to assist 
state and local efforts, legislation to create incentives for the private sector and, in 
some cases, regulation are mentioned in CIP policy. 

Federal CIP policy also encourages the voluntary creation of information sharing 
and analysis centers (ISACs) to serve as mechanisms for gathering, analyzing, and 
appropriately sanitizing and disseminating information to and from infrastructure 
sectors and the federal government through NIPC. Their activities could improve 
the security posture of the individual sectors, as well as provide an improved level 
of communication within and across sectors and all levels of government. While 
PDD 63 encouraged the creation of ISACs, it left the actual design and functions 
of the ISACs, along with their relationship with NIPC, to be determined by the pri- 
vate sector in consultation with the federal government. PDD 63 did provide sug- 
gested activities, which the ISACs could undertake, including 

• establishing baseline statistics and patterns on tbe various infrastructures; 

• serving as a clearinghouse for information within and among the various sectors; 

• providing a library for historical data for use by the private sector and govern- 
ment; and 

• reporting private-sector incidents to NIPC. 

As we reported in our April 8, 2003, 13 testimony, table 3 shows the sectors identified 
in federal CIP policy, the lead agencies for these sectors, and whether or not an 
ISAC has been established for the sector. 

Table 3: Lead Agencies and ISAC Status by CIP Sector 


Sectors 

Sectors identified by PDD 63 

Designated lead agency 

ISAC 

established 

Information and telecommunications 

Homeland Security* 


Information technology 


X 

Telecommunications 


X 

Research and education networks 


X 

Banking and finance 

Treasury 

X 

Water 

Environmental Protection Agency 

X 

Transportation 

Aviation 

Homeland Security* 


Surface transportation 


X 

Maritime 


prospective 

Trucking 


X 

Emergency services** 

Homeland Security* 


Emergency law enforcement 


X 

Emergency fire services 


X 

Government ** 

Homeland Security* 


Interstate 


X 

Energy 

Energy 


Electric power 


X 

Oil and gas 


X 

Public health 

Health and Human Services 



13 U.S. General Accounting Office, Information Security Progress Made, But Challenges Re- 
main to Protect Federal Systems and the Nation’s Critical Infrastructures, GAO— 03-564T {Wash- 
ington, D.C.: Apr. 8, 2003). 
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Table 3: Lead Agencies and ISAC Status by CIP Sector — Continued 


Sectors 

Sectors identified by PDD 63 

Designated lead agency 

ISAC 

established 

Sectors identified by the National Strategy 

for Homeland Security 

Food 

Meat and poultry 

All other food products 

Agriculture 

Health and Human Services 

X 

Agriculture 

Agriculture 


Chemical industry and hazardous materials 
Chemicals 

Environmental Protection Agency 

X 

Defense industrial base 

Defense 


Postal and shipping 

Homeland Security 


National monuments and icons 

Interior 


Other communities that have established 

ISACs 

Real estate 


X 


* The lead agencies previously designated by PDD 63 were (from top to bottom) the Department of 
Commerce, Department of Transportation, Department of Justice/Federal Bureau of In- 
vestigation, and the Federal Emergency Management Agency. 

**PDD 63 identified as critical sectors (1) emergency law enforcement and (2) emergency fire serv- 
ices and continuity of government. In the National Strategy for Homeland Security, emer- 
gency law enforcement and emergency fire services are both included in an emergency 
services sector. Also, continuity of government, along with continuity of operations, is 
listed as a subcomponent under the government sector. 


The Interstate ISAC shown in table 3 was established by the National Association 
of State Chief Information Officers (NASCIO) and is intended to provide a mecha- 
nism for informing state officials about DHS threat warnings, alerts, and other rel- 
evant information, and for state officials to report information to DHS. According 
to a NASCIO official, currently, there are limited resources available to provide sug- 
gested ISAC activities. For example, there is not a watch operation, although notifi- 
cations can be sent out to members at any time and some states have their own 
watch centers. He also stated that NASClO’s efforts have focused on working with 
DHS to develop an intergovernmental approach, similar to other federal and state 
efforts such as law enforcement task forces, where state and federal agencies share 
resources and responsibilities. 

As called for by the National Strategy for Homeland Security, on February 14, 2003, 
the President also released the National Strategy to Secure Cyberspace and the com- 
plementary National Strategy for the Physical Protection of Critical Infrastructures 
and Key Assets. These two strategies identify priorities, actions, and responsibilities 
for the federal government (including lead agencies and DHS) as well as for state 
and local governments and the private sector. These two strategies also emphasize 
the importance of developing mechanisms for the public and private sectors to share 
information about vulnerabilities, incidents, threats, and other security data. For ex- 
ample, the National Strategy to Secure Cyberspace calls for the development of a 
National Cyberspace Security Response System. To be coordinated by DHS, this sys- 
tem is described as a public/private architecture for analyzing and warning, man- 
aging incidents of national significance, promoting continuity in government sys- 
tems and private-sector infrastructures, and increasing information sharing across 
and between organizations to improve cyberspace security. The system is to include 
governmental and nongovernmental entities, such as private-sector ISACs. The 
strategies also encourage the continued establishment of ISACs and efforts to en- 
hance the analytical capabilities of existing ISACs. 

As we reported in April 2003, according to a DHS official, the department is con- 
tinuing to carry out the CIP activities of the functions and organizations transferred 
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to it by the Homeland Security Act of 2002. 14 Further, this official stated that the 
department is taking actions to enhance those activities as it integrates them within 
the new department and is continuing previously established efforts to maintain 
and build relationships with other federal entities, including the FBI and other 
NIPC partners, and with the private sector. 

To fulfill its mission, the IAIP directorate will need to ensure effective information 
sharing with other federal entities. For example, information sharing with the re- 
cently formed Terrorist Threat Integration Center (TTIC) is a central function of the 
directorate. TTIC was created to merge and analyze terrorist-related information 
collected domestically and abroad to enhance coordination, facilitate threat analysis, 
and enable more comprehensive threat assessments. DHS is providing staff to work 
at TTIC, and the center is to provide DHS with a comprehensive assessment of 
threat information that will guide the department’s response to any potential at- 
tacks. 

To help implement its cybersecurity responsibilities, in June 2003, DHS created the 
National Cyber Security Division within IAIP, and on September 15, 2003, DHS an- 
nounced the appointment of the first director of the division. According to DHS, this 
division will identify, analyze, and reduce cyber threats and vulnerabilities; dissemi- 
nate threat warning information; coordinate incident response; and provide tech- 
nical assistance in continuity of operations and recovery planning. Building on capa- 
bilities transferred to DHS from the CIAO, the NIPC, the Federal Computer Inci- 
dent Response Center (FedCIRC), and the National Communications System, the di- 
vision is organized around three units designed to: 

• identify risks and help reduce the vulnerabilities to government’s cyber assets and 
coordinate with the private sector to identify and help protect America’s critical 
cyber assets; 

• oversee a consolidated Cyber Security Tracking, Analysis, & Response Center, 
which will detect and respond to Internet events; track potential threats and 
vulnerabilities to cyberspace; and coordinate cybersecurity and incident response 
with federal, state, local, private-sector and international partners; and 

• create, in coordination with other appropriate agencies, cybersecurity awareness 
and education programs and partnerships with consumers, businesses, governments, 
academia, and international communities. 

Also, on September 15, 2003, DHS announced the creation of the U.S. Computer 
Emergency Response Team (US — CERT) — a partnership between the National 
Cyber Security Division and CERT/CC. According to DHS, it will 

• improve warning and response time to security incidents by fostering the develop- 
ment of detection tools and using common commercial incident and vulnerability re- 
porting protocols — with the goal to reduce the response time to a security event to 
an average of 30 minutes by the end of 2004; 

• increase the flow of critical security information throughout the Internet commu- 
nity; 

• provide a coordination center that, for the first time, links public and private re- 
sponse capabilities to facilitate communication across all infrastructure sectors; 

• collaborate with the private sector to develop and implement new tools and meth- 
ods for detecting and responding to vulnerabilities; and 

• work with infrastructure owners and operators and technology experts to foster 
the development of improved security technologies and methods to increase 
cybersecurity at all levels across the nation. 

In its announcement, DHS also stated that the US — CERT is expected to grow to 
include other partnerships with private-sector security vendors and other domestic 
and international CERT organizations. These groups will work together to coordi- 
nate national and international efforts to prevent, protect, and respond to the effects 
of cyber attacks across the Internet. 

The Directorate of Border and Transportation Security 

According to the act, the Border and Transportation Security Directorate (BTS) is 
responsible for, among other things, (1) preventing the entry of terrorists and the 
instruments of terrorism into the United States; (2) securing the borders, territorial 
waters, ports, terminals, waterways, and air, land, and sea transportation systems, 
including managing and coordinating those functions transferred to the department; 
(3) carrying out immigration enforcement functions; (4) establishing and admin- 
istering rules for granting visas, and (5) administering customs laws. A number of 
federal entities are under its responsibility, such as the Transportation Security Ad- 
ministration, U.S. Customs Service, the border security functions of the Immigration 


14 GAO-03-564T. 
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and Naturalization Service (INS), Animal and Plant Health Inspection Service, and 
the Federal Law Enforcement Training Center. 

To successfully protect the borders and transportation systems of the United States, 
BTS faces the challenge of sharing information across the various organizations 
under its responsibility. According to the National Strategy for Homeland Security, 
to successfully prevent the entry of contraband, unauthorized aliens, and potential 
terrorists, DHS will have to increase the level of information available on inbound 
goods and passengers to the border management component agencies under the 
BTS. For example, the strategy discusses the need to increase the security of inter- 
national shipping containers — noting that 50 percent of the value of U.S. imports 
arrives via 16 million containers. To increase security, U.S. inspectors will need 
shared information so that they can identify high-risk containers. In addition, pro- 
tecting our borders from the entry of unauthorized aliens and potential terrorists 
will require the sharing of information between various law enforcement and immi- 
gration services. For example, we recently reported on the use of watch lists as im- 
portant tools to help secure our nation’s borders. 15 These lists provide decision mak- 
ers with information about individuals who are known or suspected terrorists and 
criminals so that these individuals can be prevented from entering the country, ap- 
prehended while in the country, or apprehended as they attempt to exit the country. 

The Emergency Preparedness and Response Directorate 

According to the act, the Emergency Preparedness and Response Directorate (EPR) 
ensures that the nation is prepared for, and able to recover from, terrorist attacks, 
major disasters, and other emergencies. In addition, EPR is responsible for building 
a comprehensive national incident management system with federal, state, and local 
governments and authorities to respond to such attacks and disasters. Tbis project 
will require developing an extensive program of information sharing among federal, 
state, and local governments. Further, EPR is to develop comprehensive programs 
for developing interoperable communications technology and helping to ensure that 
emergency response providers acquire such technology. Among the functions trans- 
ferred to EPR are the Federal Emergency Management Agency, the Integrated Haz- 
ard Information System of the National Oceanic and Atmospheric Administration, 
and the Metropolitan Medical Response System. 

Information sharing is important to emergency responders to prepare for and re- 
spond to terrorist attacks and other emergencies. For example, if a biological attack 
were to occur, it would be important for health officials to quickly and effectively 
exchange information with relevant experts directly responding to the event in order 
to respond appropriately. To support this type of exchange, the Centers for Disease 
Control and Prevention (CDC) created the Epidemic Information Exchange (Epi-X), 
a secure, Web-based communications network that serves as an information ex- 
change between CDC, state and local health departments, poison control centers, 
and other public health professionals. According to CDC, Epi-X’s primary goals in- 
clude informing health officials about important public health events, helping them 
respond to public health emergencies, and encouraging professional growth and the 
exchange of information. CDC has also created an emergency operations center to 
respond to public health emergencies and to allow for immediate secure communica- 
tion between CDC, the Department of Health and Human Services, federal intel- 
ligence and emergency response officials, DHS, and state and local public health of- 
ficials. 

Information Sharing Challenges 

We have made numerous recommendations over the last several years related to in- 
formation sharing functions that have been transferred to DHS. One significant 
area of our work concerns the federal government’s CIP efforts, which is focused on 
sharing information on incidents, threats, and vulnerabilities and providing warn- 
ings related to critical infrastructures both within the federal government and be- 
tween the federal government and state and local governments and the private sec- 
tor. Although improvements have been made in protecting our nation’s critical infra- 
structures and continuing efforts are in progress, further efforts are needed to ad- 
dress the following critical CIP challenges that we have identified: 

• developing a comprehensive and coordinated national plan to facilitate CIP infor- 
mation sharing, which clearly delineates the roles and responsibilities of federal and 
nonfederal CIP entities, defines interim objectives and milestones, sets timeframes 
for achieving objectives, and establishes performance measures; 


15 U.S. General Accounting Office, Information Technology: Terrorist Watch Lists Should Be 
Consolidated to Promote Better Integration and Sharing, GAO-03-322 (Washington, D.C: Apr. 
15, 2003). 
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• developing fully productive information sharing relationships within the federal 
government and between the federal government and state and local governments 
and the private sector; 

• improving the federal government’s capabilities to analyze incident, threat, and 
vulnerability information obtained from numerous sources and share appropriate 
timely, useful warnings and other information concerning both cyber and physical 
threats to federal entities, state and local governments, and the private sector; and 

• providing appropriate incentives for nonfederal entities to increase information 
sharing with the federal government. 

In addition, we recently identified challenges in consolidating and standardizing 
watch list structures and policies, which are essential to effectively sharing informa- 
tion on suspected criminals and terrorists. 

A Complete and Coordinated National CIP Plan Needs to Be Developed 

An underlying issue in the implementation of CIP is that no national plan to facili- 
tate information sharing yet exists that clearly delineates the roles and responsibil- 
ities of federal and nonfederal CIP entities, defines interim objectives and mile- 
stones, sets time frames for achieving objectives, and establishes performance meas- 
ures. Such a clearly defined plan is essential for defining the relationships among 
all CIP organizations to ensure that the approach is comprehensive and well coordi- 
nated. Since 1998, we have reported on the need for such a plan and made numer- 
ous related recommendations. 

In September 1998, we reported that developing a governmentwide strategy that 
clearly defined and coordinated the roles of federal entities was important to ensure 
governmentwide cooperation and support for PDD 63. 16 At that time, we rec- 
ommended that the Office of Management and Budget (OMB) and the Assistant to 
the President for National Security Affairs ensure such coordination. 

In January 2000, the President issued Defending America’s Cyberspace: National 
Plan for Information Systems Protection: Version 1.0: An Invitation to a Dialogue as 
a first major element of a more comprehensive effort to protect the nation’s informa- 
tion systems and critical assets from future attacks. The plan proposed achieving 
the twin goals of making the U.S. government a model of information security and 
developing a public/private partnership to defend our national infrastructures. How- 
ever, this plan focused largely on federal cyber CIP efforts, saying little about the 
private-sector role. 

In September 2001, we reported that agency questions had surfaced regarding spe- 
cific roles and responsibilities of entities involved in cyber CIP and the timeframes 
within which CIP objectives were to be met, as well as guidelines for measuring 
progress. 17 Accordingly, we made several recommendations to supplement those we 
had made in the past. Specifically, we recommended that the Assistant to the Presi- 
dent for National Security Affairs ensure that the federal government’s strategy to 
address computer-based threats define 

• specific roles and responsibilities of organizations involved in CIP and related in- 
formation security activities; 

• interim objectives and milestones for achieving CIP goals and a specific action 
plan for achieving these objectives, including implementing vulnerability assess- 
ments and related remedial plans; and 

• performance measures for which entities can be held accountable. 

In July 2002, we issued a report identifying at least 50 organizations that were in- 
volved in national or multinational cyber CIP efforts, including 5 advisory commit- 
tees; 6 Executive Office of the President organizations; 38 executive branch organi- 
zations associated with departments, agencies, or intelligence organizations; and 3 
other organizations. 18 Although our review did not cover organizations with na- 
tional physical CIP responsibilities, the large number of organizations that we did 
identify as involved in CIP efforts presents a need to clarify how these entities co- 
ordinate their activities with each other. Our report also stated that PDD 63 did 
not specifically address other possible critical sectors and their respective federal 
agency counterparts. Accordingly, we recommended that the federal government’s 
strategy also 

• include all relevant sectors and define the key federal agencies’ roles and respon- 
sibilities associated with each of these sectors, and 

• define the relationships among the key CIP organizations. 


16 U.S. General Accounting Office, Information Security: Serious Weaknesses Place Critical 
Federal Operations and Assets at Risk, GAO/AIMD-98— 92 (Washington. D.C.: Sept. 23, 1998). 

17 U.S. General Accounting Office, Combating Terrorism: Selected Challenges and Related Rec- 
ommendations, GAO-01—822 (Washington, D.C.: Sept. 20, 2001). 18GAO-02— 474. 
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In July 2002, the National Strategy for Homeland Security called for interim cyber 
and physical infrastructure protection plans that DHS would use to build a com- 
prehensive national infrastructure plan. Implementing a well-developed plan is crit- 
ical to effective coordination in times of crises. According to the strategy, the na- 
tional plan is to provide a methodology for identifying and prioritizing critical as- 
sets, systems, and functions, and or sharing protection responsibility with state and 
local governments and the private sector. The plan is also to establish standards 
and benchmarks for infrastructure protection and provide a means to measure per- 
formance. The plan is expected to inform DHS on budgeting and planning for CIP 
activities and how to use policy instruments to coordinate between government and 
private entities to improve the security of our national infrastructures to appro- 
priate levels. The strategy also states that DHS is to unify the currently divided re- 
sponsibilities for cyber and physical security. According to the department’s Novem- 
ber 2002 reorganization plan, the Assistant Secretary for Infrastructure Protection 
is responsible for developing a comprehensive national infrastructure plan. 

As discussed previously, in February 2003, the President issued the interim strate- 
gies — The National Strategy to Secure Cyberspace and The National Strategy for the 
Physical Protection of Critical Infrastructures and Key Assets (hereafter referred to 
in this testimony as the cyberspace security strategy and the physical protection 
strategy). These strategies identify priorities, actions, and responsibilities for the 
federal government, including federal lead departments and agencies and the DHS, 
as well as for state and local governments and the private sector. Both define stra- 
tegic objectives for protecting our nation’s critical assets. The physical protection 
strategy discusses the goals and objectives for protecting our nation’s critical infra- 
structure and key assets from physical attack. The cyberspace security strategy pro- 
vides a framework for organizing and prioritizing the individual and concerted re- 
sponsibilities of all levels of government to secure cyberspace. 

According to the physical protection strategy, across government, there are incon- 
sistent methodologies to prioritize efforts to enhance critical infrastructure protec- 
tion. This problem is compounded with ineffective communication among the fed- 
eral, state, and local governments that has resulted in untimely, disparate, and at 
times conflicting communication between those who need it most. DHS has been 
given a primary role in providing cross-sector coordination to improve communica- 
tion and planning efforts and serves as the single point of coordination for state and 
local governments on homeland security issues. To fulfill its role as the cross-sector 
coordinator, DHS will partner with state and local governments and the private sec- 
tor to institute processes that are transparent, comprehensive, and results-oriented. 
This effort will include creating mechanisms for collaborative national planning ef- 
forts between the private and public sectors and for consolidating the individual sec- 
tor plans into a comprehensive plan that will define their respective roles, respon- 
sibilities, and expectations. 

The cyberspace security strategy is the counterpart to the physical protection strat- 
egy and provides the framework for organizing and prioritizing the individual and 
concerted responsibilities of all levels of government to secure cyberspace. DHS 
serves as the focal point for managing cybersecurity incidents that could affect the 
federal government or the national information infrastructure and, thus, plays a 
central role in executing the initiatives assigned in this strategy. While the cyber- 
space security strategy mentions the responsibility of DHS in creating a comprehen- 
sive national plan for securing resources and key infrastructures, much of the strat- 
egy’s emphasis remains on coordinating and integrating various plans with the pri- 
vate sector. 

Neither strategy (1) clearly indicates how the physical and cyber efforts will be co- 
ordinated; (2) defines the roles, responsibilities, and relationships among the key 
CIP organizations, including state and local governments and the private sector; (3) 
indicates time frames or milestones for their overall implementation or for accom- 
plishing specific actions or initiatives; nor (4) establishes performance measures for 
which entities can be held responsible. Until a comprehensive and coordinated plan 
is completed that unifies the responsibilities for cyber and physical infrastructures; 
identifies roles, responsibilities, and relationships for all CIP efforts; establishes 
time frames or milestones for implementation; and establishes performance meas- 
ures, our nation risks not having a consistent and appropriate information sharing 
framework to deal with growing threats to its critical infrastructure. 

Better Information Sharing on Threats and Vulnerabilities Must Be Imple- 
mented 

Information sharing is a key element in developing comprehensive and practical ap- 
proaches to defending against potential cyber and other attacks, which could threat- 
en the national welfare. Information on threats, vulnerabilities, and incidents expe- 
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rienced by others can help identify trends, better understand the risks faced, and 
determine what preventive measures should be implemented. However, as we have 
reported in recent years, establishing the trusted relationships and information- 
sharing protocols necessary to support such coordination can be difficult. In addi- 
tion, the private sector has expressed concerns about sharing information with the 
government and the difficulty of obtaining security clearances. Both the Congress 
and the administration have taken steps to address information sharing issues in 
law and recent policy guidance, but their effectiveness will largely depend on how 
DHS implements its information sharing responsibilities. 

A number of activities have been undertaken to build information-sharing relation- 
ships between the federal government and the private sector, such as InfraGard, the 
Partnership for Critical Infrastructure Security, efforts by the CIAO, and efforts by 
lead agencies to establish ISACs. For example, the InfraGard Program, which pro- 
vides the FBI and NIPC with a means of securely sharing information with indi- 
vidual companies, has expanded substantially. InfraGard membership has increased 
from 277 in October 2000 to almost 9,400 in September 2003. Members include rep- 
resentatives from private industry, other government agencies, state and local law 
enforcement, and the academic community. 

As stated above, PDD 63 encouraged the voluntary creation of ISACs to serve as 
the mechanism for gathering, analyzing, and appropriately sanitizing and dissemi- 
nating information between the private sector and the federal government through 
NIPC. In April 2001, we reported that NIPC and other government entities had not 
developed fully productive information-sharing relationships but that NIPC had un- 
dertaken a range of initiatives to foster information-sharing relationships with 
ISACs, as well as with government and international entities. We recommended 
that NIPC formalize relationships with ISACs and develop a plan to foster a two- 
way exchange of information between them. 

In response to our recommendations, NIPC officials told us in July 2002 that an 
ISAC development and support unit had been created, whose mission was to en- 
hance private-sector cooperation and trust so that it would result in a two-way shar- 
ing of information. As shown previously in table 3, as of April 2003, DHS reported 
that there are 16 current ISACs, including ISACs established for sectors not identi- 
fied as critical infrastructure sectors. DHS officials also stated that they have formal 
agreements with most of the current ISACs. 

In spite of progress made in establishing ISACs, additional efforts are needed. All 
sectors do not have a fully established ISAC, and even for those sectors that do, our 
recent work showed that participation may be mixed, and the amount of information 
being shared between the federal government and private-sector organizations also 
varies. Specifically, as we reported in February 2003, the five ISACs we recently re- 
viewed showed different levels of progress in implementing the PDD 63 suggested 
activities. 19 For example, four of the five reported that efforts were still in progress 
to establish baseline statistics, which includes developing a database on the normal 
levels of computer security incidents that would be used for analysis purposes. Also, 
while all five reported that they served as the clearinghouse of information (such 
as incident reports and warnings received from members) for their own sectors, only 
three of the five reported that they are also coordinating with other sectors. Only 
one of the five ISACs reported that it provides a library of incidents and historical 
data that was available to both the private sector and the federal government, and 
although three additional ISACs do maintain a library, it was available only to the 
private sector. Table 4 summarizes the reported status of the five ISACs in per- 
forming these and other activities suggested by PDD 63. 

Table 4: ISACs’ Progress in Performing Activities Suggested by PDD 63 


Activity 

Telecommuni- 

cations 

Electricity 

ISAC 

Information 

Technology 

Energy 

Water 

Establish baseline 
statistics 

In progress 

In progress 

Yes 

In progress 

In progress 


19 U.S. General Accounting Office, Critical Infrastructure Protection: Challenges for Selected 
Agencies and Industry Sectors, GA-03— 233 (Washington, D.C.: Feb. 28, 2003). 
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Table 4: ISACs’ Progress in Performing Activities Suggested by PDD 63 — Continued 


Activity 

Telecommuni- 

cations 

Electricity 

ISAC 

Information 

Technology 

Energy 

Water 

Serve as clearinghouse 
within and among 
sectors 

Yes 

Yes 

Yes 

Only within 
own sector 

Only within 
own sector 

Provide library to 
private sector and 
government 

In progress 

Yes 

Available only 
to private 
sector 

Available only 
to private 
sector 

Available only 
to private 
sector 

Report incidents 
to NIPC 

Yes 

Yes 

Yes 

No 

Yes 


Source: ISACs. 

As also noted in our February 2003 report, some in the private sector expressed con- 
cerns about voluntarily sharing information with the government. Specifically, con- 
cerns were raised that industry could potentially face antitrust violations for shar- 
ing information with other industry partners, have their information subject to the 
Freedom of Information Act (FOIA), or face potential liability concerns for informa- 
tion shared in good faith. For example, the IT, energy, and the water ISACs re- 
ported that they did not share their libraries with the federal government because 
of concerns that information could be released under FOIA. And, officials of the en- 
ergy ISAC stated that they have not reported incidents to NIPC because of FOIA 
and antitrust concerns. 

The recently established ISAC Council may help to address some of these concerns. 
According to its chairman, the mission of the ISAC Council is to advance the phys- 
ical and cybersecurity of the critical infrastructures of North America by estab- 
lishing and maintaining a framework for interaction between and among the ISACs. 
Activities of the council include establishing and maintaining a policy for inter-ISAC 
coordination, a dialog with governmental agencies that deal with ISACs, and a prac- 
tical data and information sharing protocol (what to share and how to share). In 
addition, the council will develop analytical methods to assist the ISACs in sup- 
porting their own sectors and other sectors with which there are interdependencies 
and establish a policy to deal with matters of liability and anti-trust. The chairman 
also reported that the council held an initial meeting with DHS and the White 
House in June 2003 to, among other things, understand mutual DHS and ISAC ex- 
pectations. 

There will be continuing debate as to whether adequate protection is being provided 
to the private sector as these entities are encouraged to disclose and exchange infor- 
mation on both physical and cybersecurity problems and solutions that are essential 
to protecting our nation’s critical infrastructures. The National Strategy for Home- 
land Security includes “enabling critical infrastructure information sharing” in its 
12 major legislative initiatives. It states that the nation must meet this need by nar- 
rowly limiting public disclosure of information relevant to protecting our physical 
and cyber critical infrastructures in order to facilitate the voluntary submission of 
information. It further states that the Attorney General will convene a panel to pro- 
pose any legal changes necessary to enable sharing of essential homeland security 
related information between the federal government and the private sector. 

Actions have already been taken by the Congress and the administration to 
strengthen information sharing. For example, the USA PATRIOT Act promotes in- 
formation sharing among federal agencies, and numerous terrorism task forces have 
been established to coordinate investigations and improve communications among 
federal and local law enforcement. 20 Moreover, the Homeland Security Act of 2002 
includes provisions that restrict federal, state, and local government use and disclo- 
sure of critical infrastructure information that has been voluntarily submitted to 
DHS. These restrictions include exemption from disclosure under FOIA, a general 
limitation on use to CIP purposes, and limitations on use in civil actions and by 
state or local governments. The act also provides penalties for any federal employee 


20 The Uniting and Strengthening America by Providing Appropriate Tools Required to Inter- 
cept and Obstruct Terrorism (USA PATRIOT) Act, Public Law No. 107-56, October 26, 2001. 
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who improperly discloses any protected critical infrastructure information. In April 
2003, DHS issued for comment its proposed rules for how critical infrastructure in- 
formation volunteered by the public will be protected. At this time, it is too early 
to tell what impact the act will have on the willingness of the private sector to share 
critical infrastructure information. 

Information sharing among federal, state and local governments also needs to be im- 
proved. In August 2003 we reported the results of our survey of federal, state, and 
city government officials’ perceptions of the effectiveness of the current information- 
sharing process. 21 Performed primarily before DHS began its operations, our survey 
identified some notable information-sharing initiatives, but also highlighted coordi- 
nation issues and other concerns that many of the surveyed entities had with the 
overall information-sharing process. For example, the FBI reported it had signifi- 
cantly increased the number of its Joint Terrorism Task Forces and, according to 
our survey, 34 of 40 states and 160 of 228 cities stated that they participated in 
information-sharing centers. However, although such initiatives may increase the 
sharing of information to fight terrorism, none of the three levels of government per- 
ceived the current information-sharing process as effective, particularly when shar- 
ing information with federal agencies. Respondents reported that information on 
threats, methods, and techniques of terrorists was not routinely shared; and the in- 
formation that was shared was not perceived as timely, accurate, or relevant. Fur- 
ther, 30 of 40 states and 212 of 228 cities responded that they were not given the 
opportunity to participate in national policy making on information sharing. Federal 
agencies in our survey also identified several barriers to sharing threat information 
with state and city governments, including the inability of state and city officials 
to secure and protect classified information, the lack of federal security clearances, 
and a lack of integrated databases. 

The private sector has also expressed its concerns about the value of information 
being provided by the government. For example, in July 2002 the President for the 
Partnership for Critical Infrastructure Security stated in congressional testimony 
that information sharing between the government and private sector needs work, 
specifically, in the quality and timeliness of cybersecurity information coming from 
the government. 22 In March 2003 we also reported that the officials from the chem- 
ical industry noted that they need better threat information from law enforcement 
agencies, as well as better coordination among agencies providing threat informa- 
tion. 23 They stated that chemical companies do not receive enough specific threat 
information and that it frequently comes from multiple government agencies. Simi- 
larly, in developing a vulnerability assessment methodology to assess the security 
of chemical facilities against terrorist and criminal attacks, the Department of Jus- 
tice observed that chemical facilities need more specific information about potential 
threats in order to design their security systems and protocols. Chemical industry 
officials also noted that efforts to share threat information among industry and fed- 
eral agencies will be effective only if government agencies provide specific and accu- 
rate threat information. Threat information also forms the foundation for some of 
the tools available to industry for assessing facility vulnerabilities. The Justice vul- 
nerability assessment methodology requires threat information as the foundation for 
hypothesizing about threat scenarios, which form the basis for determining site 
vulnerabilities. 

The Homeland Security Act, the National Strategy for Homeland Security, the Na- 
tional Strategy to Secure Cyberspace, and the National Strategy for the Physical Pro- 
tection of Critical Infrastructures and Key Assets all acknowledge the importance of 
information sharing and identify multiple responsibilities for DHS to share informa- 
tion on threats and vulnerabilities. In particular: 

• The Homeland Security Act authorizes the IAIP Under Secretary to have access 
to all information in the federal government that concerns infrastructure or other 
vulnerabilities of the United States to terrorism and to use this information to fulfill 
its responsibilities to provide appropriate analysis and warnings related to threats 
to and vulnerabilities of critical information systems, crisis management support in 
response to threats or attacks on critical information systems, and technical assist- 


21 U.S. General Accounting Office, Homeland Security: Efforts to Improve Information Sharing 
Need toBe Strengthened, GAO-03—760 (Washington, D.C.: Aug. 27, 2003). 

22 Testimony of Kenneth C. Watson, President, Partnership for Critical Infrastructure Secu- 
rity, beforethe Subcommittee on Oversight and Investigation of the Energy and Commerce Com- 
mittee, U.S. House of Representatives, July 9, 2002. 

23 U. S. General Accounting Office, Homeland Security: Voluntary Initiatives Are Under Way 
at ChemicalFacilities, but the Extent of Security Preparedness is Unknown, GAO— 03-439 (Wash- 
ington D.C.: Mar. 14, 2003). 
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ance upon request to private-sector and government entities to respond to major 
failures of critical information systems. 

• The National Strategy for Homeland Security specifies the need for DHS to work 
with state and local governments to achieve “seamless communication” among all 
responders. This responsibility includes developing a national emergency commu- 
nication plan to establish policies and procedures to improve the exchange of infor- 
mation. Ensuring improved communications also involves developing systems that 
help prevent attacks and minimize damage. Such systems, which would be accessed 
and used by all levels of government, would detect hostile intents and help locate 
individual terrorists as well as monitor and detect outbreaks. 

• The cyberspace security strategy encourages DHS to work with the National In- 
frastructure Advisory Council and the private sector to develop an optimal approach 
and mechanism to disclose vulnerabilities in order to expedite the development of 
solutions without creating opportunities for exploitation by hackers. DHS is also ex- 
pected to raise awareness about removing obstacles to sharing information con- 
cerning cybersecurity and infrastructure vulnerabilities between the public and pri- 
vate sectors and is encouraged to work closely with ISACs to ensure that they re- 
ceive timely and actionable threat and vulnerability data and to coordinate vol- 
untary contingency planning efforts. 

• The physical protection strategy describes DHS’s need to collaborate with the in- 
telligence community and the Department of Justice to develop comprehensive 
threat collection, assessment, and dissemination processes that are distributed to 
the appropriate entity in a timely manner. It also enumerates several initiatives di- 
rected to DHS to accomplish to create a more effective information-sharing environ- 
ment among the key stakeholders, including establishing requirements for sharing 
information; supporting state and local participation with ISACs to more effectively 
communicate threat and vulnerability information; protecting secure and propri- 
etary information deemed sensitive by the private sector; implementing processes 
for collecting, analyzing, and disseminating threat data to integrate information 
from all sources; and developing interoperable systems to share sensitive informa- 
tion among government entities to facilitate meaningful information exchange. 

• The National Strategy for Homeland Security also describes DHS’s need to engage 
its partners around the world in cooperative efforts to improve security. It states 
that DHS will increase information sharing between the international law enforce- 
ment, intelligence, and military communities. 

Analysis and Warning Capabilities Need to Be Improved 

Analysis and warning capabilities should be developed to detect precursors to at- 
tacks on the nation so that advanced warnings can be issued and protective meas- 
ures implemented. Since the 1990s, the national security community and the Con- 
gress have identified the need to establish analysis and warning capabilities to pro- 
tect against strategic computer attacks against the nation’s critical computer-de- 
pendent infrastructures. Such capabilities need to address both cyber and physical 
threats and involve (1) gathering and analyzing information for the purpose of de- 
tecting and reporting otherwise potentially damaging actions or intentions and (2) 
implementing a process for warning policymakers and allowing them time to deter- 
mine the magnitude of the related risks. 

In April 2001, 24 we reported on NIPC’s progress and impediments in developing 
analysis and warning capabilities for computer-based attacks, which included the 
following: 25 

• Lack of a generally accepted methodology for analyzing strategic cyber-based 
threats. For example, there was no standard terminology, no standard set of factors 
to consider, and no established thresholds for determining the sophistication of at- 
tack techniques. According to officials in the intelligence and national security com- 
munity, developing such a methodology would require an intense interagency effort 
and dedication of resources. 

• Lack of industry-specific data on factors such as critical system components, 
known vulnerabilities, and interdependencies. Under PDD 63, such information is 
to be developed for each of eight industry segments by industry representatives and 
the designated federal lead agencies. In September 2001, we reported that although 
outreach efforts had raised awareness and improved information sharing, sub- 
stantive, comprehensive analysis of infrastructure sector interdependencies and 
vulnerabilities had been limited. 


24 GAO-Ol-323. 

25 Pursuant to the Homeland Security Act of 2002, the functions of NIPC (except for 
computerinvestigations and operations) were transferred over to DHS from the FBI. 
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Another challenge confronting the analysis and warning capabilities of our nation 
is that, historically, our national CIP attention and efforts have been focused on 
cyber threats. As we also reported in April 2001, although PDD 63 covers both phys- 
ical and cyber threats, federal efforts to meet the directive’s requirements have per- 
tained primarily to cyber threats since this is an area that the leaders of the admin- 
istration’s CIP strategy view as needing attention. However, the terrorist attacks of 
September 11, 2001, have increased the emphasis of physical threats. In addition, 
in July 2002, NIPC reported that the potential for concurrent cyber and physical 
(“swarming”) attacks is an emerging threat to the U.S. critical infrastructure. Fur- 
ther, in July 2002, the director of NIPC also told us that NIPC had begun to develop 
some capabilities for identifying physical CIP threats. For example, NIPC had devel- 
oped thresholds with several ISACs for reporting physical incidents and, since Janu- 
ary 2002, has issued several information bulletins concerning physical CIP threats. 
However, NIPC’s director acknowledged that fully developing this capability would 
be a significant challenge. The physical protection strategy states that DHS will 
maintain a comprehensive, up-to-date assessment of vulnerabilities across sectors 
and improve processes for domestic threat data collection, analysis, and dissemina- 
tion to state and local governments and private industry. 

The administration and the Congress continue to emphasize the need for these anal- 
ysis and warning capabilities. The National Strategy for Homeland Security identi- 
fied intelligence and warning as one of six critical mission areas and called for major 
initiatives to improve our nation’s analysis and warning capabilities. The strategy 
also stated that no government entity was then responsible for analyzing terrorist 
threats to the homeland, mapping these threats to our vulnerabilities, and taking 
protective action. The Homeland Security Act gives such responsibility to the new 
DHS. For example, the IAIP Under Secretary is responsible for administering the 
Homeland Security Advisory System, and is to coordinate with other federal agen- 
cies to provide specific warning information and advice to state and local agencies, 
the private sector, the public, and other entities about appropriate protective meas- 
ures and countermeasures to homeland security threats. 

An important aspect of improving our nation’s analysis and warning capabilities is 
having comprehensive vulnerability assessments. The National Strategy for Home- 
land Security also states that comprehensive vulnerability assessments of all of our 
nation’s critical infrastructures are important from a planning perspective in that 
they enable authorities to evaluate the potential effects of an attack on a given sec- 
tor and then invest accordingly to protect it. The strategy states that the U.S. gov- 
ernment does not perform vulnerability assessments of the nation’s entire critical 
infrastructure. The Homeland Security Act of 2002 states that the DHS’s IAIP 
Under Secretary is to carry out comprehensive assessments of the vulnerabilities of 
key resources and critical infrastructures of the United States. 

Another critical issue in developing effective analysis and warning capabilities is to 
ensure that appropriate intelligence and other threat information, both cyber and 
physical, is received from the intelligence and law enforcement communities. For ex- 
ample, there has been considerable public debate regarding the quality and timeli- 
ness of intelligence data shared between and among relevant intelligence, law en- 
forcement, and other agencies. Also, as the transfer of NIPC to DHS organization- 
ally separated it from the FBI’s law enforcement activities (including the 
Counterterrorism Division and NIPC field agents), it will be critical to establish 
mechanisms for continued communication to occur. Further, it will be important 
that the relationships between the law enforcement and intelligence communities 
and the new DHS are effective and that appropriate information is exchanged on 
a timely basis. The act gives DHS broad statutory authority to access intelligence 
information, as well as other information relevant to the terrorist threat and to turn 
this information into useful warnings. For example, DHS is to be a key participant 
in the multiagency TTIC 26 that began operations on May 1, 2003. According to a 
White House fact sheet, DHS’s IAIP is to receive and analyze terrorism-related in- 
formation from the TTIC. 27 Although the purpose of TTIC and the authorities and 
responsibilities of the FBI and Central Intelligence Agency (CIA) counterterrorism 
organizations remain distinct, in July 2003, the TTIC Director reported that initia- 
tives are under way to facilitate efforts witbin the intelligence community to ensure 
that DHS has access to all information required to execute its mission. He also re- 
ported other progress, such as updates to a TTIC-sponsored Web site that provides 


26 The center was formed from elements of the Department of Homeland Security, the FBI’s 
Counterterrorism Division, the Director of Central Intelligence’s Counterterrorist Center, and 
the Department of Defense. 

27 The White House, Fact Sheet: Strengthening Intelligence to Better Protect America (Wash- 
ington, D.C.: Jan. 28, 2003). 
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terrorism-related information. For example, the Web site is to increasingly include 
products tailored to the needs of state and local officials, as well as private industry. 
In addition, according to NIPC’s director, as of July 2002, a significant challenge in 
developing a robust analysis and warning function is the development of the tech- 
nology and human capital capacities to collect and analyze substantial amounts of 
information. Similarly, the Director of the FBI testified in June 2002 that imple- 
menting a more proactive approach to preventing terrorist acts and denying ter- 
rorist groups the ability to operate and raise funds require a centralized and robust 
analytical capacity that did not then exist in the FBI’s Counterterrorism Division. 28 
He also stated that processing and exploiting information gathered domestically and 
abroad during the course of investigations require an enhanced analytical and data 
mining capacity that was not then available. According to DHS’s reorganization 
plans, the IAIP Under Secretary and the chief information officer (CIO) of the de- 
partment are to fulfill their responsibilities as laid out by the act to establish and 
uses a secure communications and IT infrastructure. This infrastructure is to in- 
clude data-mining and other analytical tools in order to access, receive, analyze, and 
disseminate data and information. 

Additional Incentives Are Needed to Encourage Increased Information 
Sharing Efforts 

PDD 63 stated that sector liaisons should identify and assess economic incentives 
to encourage sector information sharing and other desired behavior. Consistent with 
the original intent of PDD 63, the National Strategy for Homeland Security states 
that, in many cases, sufficient incentives exist in the private market for addressing 
the problems of CIP. However, the strategy also discusses the need to use all avail- 
able policy tools to protect the health, safety, or well-being of the American people. 
It mentions federal grant programs to assist state and local efforts, legislation to 
create incentives for the private sector, and, in some cases, regulation. The physical 
protection strategy reiterates that additional regulatory directives and mandates 
should only be necessary in instances where the market forces are insufficient to 
prompt the necessary investments to protect critical infrastructures and key assets. 
The cyberspace security strategy also states that the market is to provide the major 
impetus to improve cybersecurity and that regulation will not become a primary 
means of securing cyberspace. 

Last year, the Comptroller General testified on the need for strong partnerships 
with those outside the federal government and that the new department would need 
to design and manage tools of public policy to engage and work constructively with 
third parties. 29 We have also previously testified on the choice and design of public 
policy tools that are available to governments. 30 These public policy tools include 
grants, regulations, tax incentives, and regional coordination and partnerships to 
motivate and mandate other levels of government or the private sector to address 
security concerns. Some of these tools are already being used, such as in the water 
and chemical sectors. 

Without appropriate consideration of public policy tools, private-sector participation 
in sector-related information sharing and other CIP efforts may not reach its full 
potential. For example, we reported in January 2003 31 on the efforts of the financial 
services sector to address cyber threats, including industry efforts to share informa- 
tion and to better foster and facilitate sectorwide efforts. We also reported on the 
efforts of federal entities and regulators to partner with the financial services indus- 
try to protect critical infrastructures and to address information security. We found 
that although federal entities had a number of efforts ongoing, Treasury, in its role 
as sector liaison, had not undertaken a comprehensive assessment of the potential 
public policy tools to encourage the financial services sector in implementing infor- 
mation sharing and other CIP-related efforts. Because of the importance of consid- 
ering public policy tools to encourage private-sector participation, we recommended 
that Treasury assess the need for public policy tools to assist the industry in meet- 
ing the sector’s goals. In addition, in February 2003, we reported on the mixed 
progress five ISACs had made in accomplishing the activities suggested by PDD 63. 


28 Testimony of Robert S. Mueller, III, Director Federal Bureau of Investigation, before 
theSubcommittee for the Departments of Commerce, Justice, and State, the Judiciary, and Re- 
lated Agencies, Committee on Appropriations, U.S. House of Representatives, June 21, 2002. 

29 U.S. General Accounting Office, Homeland Security: Proposal for Cabinet Agency Has 
Merit, But Implementation Will Be Pivotal to Success, GAO-01-886T {Washington, D.C.: June 
25, 2002). 

30 U.S. General Accounting Office, Combating Terrorism: Enhancing Partnerships Through a 
National Preparedness Strategy, GAO— 02-549T (Washington, D.C.: Mar. 28, 2002). 

31 U.S. General Accounting Office, Critical Infrastructure Protection: Efforts of the Financial 
Services Sector to Address Cyber Threats, GAO-03-173 (Washington, DC,: Jan. 30, 2003). 
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We recommended that the responsible lead agencies assess the need for public pol- 
icy tools to encourage increased private-sector CIP activities and greater sharing of 
intelligence and incident information between the sectors and the federal govern- 
ment. 

The President’s fiscal year 2004 budget request for the new DHS includes $829 mil- 
lion for information analysis and infrastructure protection, a significant increase 
from the estimated $177 million for fiscal year 2003. In particular, the requested 
funding for protection includes about $500 million to identify key critical infrastruc- 
ture vulnerabilities and support the necessary steps to ensure that security is im- 
proved at these sites. Although the funding also includes almost $300 million for 
warning advisories, threat assessments, a communications system, and outreach ef- 
forts to state and local governments and the private sector, additional incentives 
may still be needed to encourage nonfederal entities to increase their CIP efforts. 

Consolidating and Standardizing Watch List Structures and Policies 

We recently reported on the terrorist and criminal watch list systems maintained 
by different federal agencies. 32 These watch lists are important information-sharing 
tools for securing our nation’s borders against terrorists. Simply stated, watch lists 
can be viewed as automated databases that are supported by certain analytical ca- 
pabilities. These lists contain various types of data, from biographical data — such 
as a person’s name and date of birth — to biometric data such as fingerprints. Nine 
federal agencies, 33 which before the establishment of DHS spanned five different 
cabinet-level departments, 34 currently maintain 12 terrorist and criminal watch 
lists. These lists are also used by at least 50 federal, state, and local agencies. 
According to the National Strategy for Homeland Security, in the aftermath of the 
September 11th attacks, it became clear that vital watch list information stored in 
numerous and disparate databases was not available to the right people at the right 
time. In particular, federal agencies that maintained information about terrorists 
and other criminals had not consistently shared it. The strategy attributed these in- 
formation-sharing limitations to legal, cultural, and technical barriers that resulted 
in the watch lists being developed in different ways, for different purposes, and in 
isolation from one another. To address these limitations, the strategy provides for 
developing a consolidated watch list that would bring together the information on 
known or suspected terrorists contained in federal agencies’ respective lists. 

As we reported, we found that the watch lists include overlapping but not identical 
sets of data, and that different policies and procedures govern whether and how 
these data are shared with others. As a general rule, we found that this information 
sharing is more likely to occur among federal agencies than between federal agen- 
cies and either state and local governments agencies or private entities. Among 
other things, we also found that the extent to which such information sharing is ac- 
complished electronically is constrained by fundamental differences in the watch 
lists’ systems architecture. Also, differences in agencies’ cultures have been and re- 
main one of the principal impediments to integrating and sharing information from 
watch lists and other information. We recommended that the Secretary of DHS, in 
collaboration with the heads of other departments and agencies that have or use 
watch lists, lead an effort to consolidate and standardize the federal government’s 
watch list structures and policies to promote better integration and information 
sharing. DHS generally agreed with our findings and recommendations. 

Effective Systems and Processes Need to Be Established to Facilitate Infor- 
mation Sharing 

The success of homeland security relies on establishing effective systems and proc- 
esses to facilitate information sharing among government entities and the private 
sector. In May 2003, the CIO of DHS stated that a key goal to protecting our nation 
is to put in place mechanisms that provide the right information to the right people 
in a timely manner. He further stated that with the use of IT, homeland security 
officials throughout the United States will have a more complete awareness of 
threats and vulnerabilities, as well as knowledge of the personnel and resources 


32 GA-03-322. 

33 The nine agencies are the State Department’s Bureau of Intelligence and Research and Bu- 
reau of Consular Affairs; the Justice Department’s Federal Bureau of Investigation, Immigration 
and Naturalization Service, U.S. Marshals Service, and the U.S. National Central Bureau for 
Interpol; the Department of Defense’s Air Force Office of Special Investigations; the Transpor- 
tation Department’s Transportation Security Administration; and the Treasury Department’s 
U.S. Customs Service. Of these, the Immigration and Naturalization Service, the Transportation 
Security Administration, and the U.S. Customs Service have been incorporated into the new 
DHS. 

34 These departments are the Departments of State, Treasury, Transportation, Justice, and 
Defense. 
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available to conquer those threats. We have identified critical success factors to in- 
formation sharing that DHS should consider. Also, in addition to the need to develop 
technological solutions, key management issues that DHS must overcome to achieve 
success include 

• integrating existing IT resources of 22 different agencies, 

• making new IT investments, 

• ensuring that sensitive information is secured, 

• developing secure communications networks, 

• developing a performance focus, 

• integrating staff from different organizations and ensuring that the department 
has properly skilled staff, and 

• ensuring effective oversight. 

Addressing these issues will be critical to establishing the effective systems and 
processes required to facilitate information sharing within the new department. 

Success Factors for Sharing Information 

In October 2001, we reported on information sharing practices of organizations that 
successfully share sensitive or time-critical information. 35 We found that these prac- 
tices include: 

• establishing trust relationships with a wide variety of federal and nonfederal enti- 
ties that may be in a position to provide potentially useful information and advice 
on vulnerabilities and incidents; 

• developing standards and agreements on how shared information will be used and 
protected; 

• establishing effective and appropriately secure communications mechanisms; and 

• taking steps to ensure that sensitive information is not inappropriately dissemi- 
nated. 

Among the organizations we studied, we found some very good models to learn from 
and build on. For example, CERT/CC is charged with establishing a capability to 
quickly and effectively coordinate communication between experts in order to limit 
damage, responding to incidents, and building awareness of security issues across 
the Internet community. In this role, CERT/CC receives Internet security-related in- 
formation from system and network administrators, technology managers, and pol- 
icymakers and provides them with this information along with guidance and coordi- 
nation to major security events. Further, the Agora is a Seattle-based regional net- 
work that at the time of our study had over 600 professionals representing various 
fields, including information systems security; law enforcement; local, state, and fed- 
eral governments; engineering; IT; academics; and other specialties. Members work 
to establish confidential ways for organizations to share sensitive information about 
common problems and best practices for dealing with security threats. They develop 
and share knowledge about how to protect electronic infrastructures, and they 
prompt more research specific to electronic information systems security. 

In addition, we have previously reported on several other key considerations in es- 
tablishing effective information sharing, including: 

• identifying and agreeing on the types of information to be collected and shared 
between parties, 

• developing standard terms and reporting thresholds, 

• balancing varying interests and expectations, and 

• determining the right format and standards for collecting data so that disparate 
agencies can aggregate and integrate data sets. 

Some efforts have already taken place in these areas. For example, NIPC obtained 
information-sharing agreements with most ISACs, which included specific reporting 
thresholds for physical and cyber incidents. Also, incident reporting thresholds have 
been publicly issued. It will be important for DHS to incorporate these consider- 
ations into its information-sharing efforts. 

Developing Technological Solutions 

Developing and implementing appropriate technological solutions can improve the 
effectiveness and efficiency of information sharing. We have previously reported on 
the lack of connectivity and interoperability between databases and technologies im- 
portant to the homeland security effort. 36 Databases belonging to federal law en- 
forcement agencies and INS, for example, are not connected, and databases between 
state, local, and federal governments are not always connected. The technological 
constraints caused by different system architectures that impede the sharing of dif- 


35 U.S. General Accounting Office, Information Sharing: Practices That Can Benefit Critical 
Infrastructure Protection, GAO-02-24 (Washington, D.C.: Oct. 15, 2001). 

36 GAO-02—8 1 IT 
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ferent agencies’ watch lists illustrate the widespread lack of interoperability of 
many federal government information systems. 

New technologies for data integration and interoperability could enable agencies to 
share information without the need for radical structural changes. This would allow 
the component agencies of DHS to work together yet retain a measure of autonomy, 
thus removing some barriers hindering agencies from embracing change. In August 
2002, we reported on various existing technologies that could be more widely imple- 
mented to facilitate information sharing. 37 We reported that Extensible Markup 
Language (XML) is useful for better information sharing. XML is a flexible, non- 
proprietary set of standards for annotating or “tagging” information so that it can 
be transmitted over a network such as the Internet and readily interpreted by dis- 
parate computer systems. If implemented broadly with consistent data definitions 
and structures, XML offers the promise of making it significantly easier for organi- 
zations and individuals to identify, integrate, and process information that may be 
widely dispersed among systems and organizations. For example, law enforcement 
agencies could potentially better identify and retrieve information about criminal 
suspects from any number of federal, state, and local databases. 

We also reported that various technologies could be used to protect information in 
shared databases. For example, data could be protected through electronically se- 
cured entry technology (ESET). ESET would allow users of separate databases to 
cross check or “mine” data securely without directly disclosing their information to 
others, thus allowing agencies to collaborate as well as address their needs for con- 
fidentiality or privacy. Such technology could, for example, allow an airline to cross 
check a passenger or employee against data held by government agencies in a sin- 
gle-step process without actually disclosing the data to the airline. In checking an 
individual, the airline would not receive any data from the agencies’ databases; 
rather, it would receive a “yes or no” type of response and/or a referral for further 
action. Additionally, appropriate authorities could automatically be notified. 

We noted that intrusion detection systems could be used to prevent unauthorized 
users from accessing shared information. Intrusion detection uses normal system 
and network activity data as well as known attack patterns. Deviations from normal 
traffic patterns can help to identify potential intruders. 

We also observed the need to simplify the process of analyzing information to more 
efficiently and effectively identify information of consequence that must be shared. 
Great emphasis has been placed upon data mining and data integration, but the 
third and perhaps most crucial component may be data visualization. The vast 
amount of information potentially available to be mined and integrated must be in- 
telligently analyzed, and the results effectively presented, so that the right people 
have the right information necessary to act effectively upon such information. This 
may involve pinpointing the relevant anomalies. 

Before DHS was established, the Office of Homeland Security had already begun 
several technological initiatives to integrate terrorist-related information from data- 
bases from different agencies responsible for homeland security. These included (1) 
adopting meta-data standards for electronic information so that homeland security 
officials understood what information was available and where it could be found and 
(2) developing data-mining tools to assist in identifying patterns of criminal behav- 
ior so that suspected terrorists could be detained before they could act. 

To address these technological challenges, the Homeland Security Act emphasized 
investments in new and emerging technologies to meet some of these challenges and 
established the Science and Technology Directorate, making it responsible for estab- 
lishing and administering research and development efforts and priorities to support 
DHS missions. 

Improving Information Technology Management 

Improving IT management will be critical to transforming the new department. 
DHS should develop and implement an enterprise architecture, or corporate blue- 
print, to integrate the many existing systems and processes required to support its 
mission. This architecture will also guide the department’s investments in new sys- 
tems to effectively support homeland security in the coming years. Other key IT 
management capacities that DHS will need to establish include investment and ac- 
quisition management processes, effective IT security, and secure communications 
networks. 

An Enterprise Architecture 

Effectively managing a large and complex endeavor requires, among other things, 
a well-defined and enforced blueprint for operational and technological change, com- 


37 U.S. General Accounting Office, National Preparedness: Technology and Information Shar- 
ing Challenges, GAO-02-1048R (Washington, D.C.: Aug. 30, 2002). 
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monly referred to as an enterprise architecture. Developing, maintaining, and using 
enterprise architectures is a leading practice in engineering both individual systems 
and entire enterprises. Enterprise architectures include several components, includ- 
ing a (1) current or “as is” environment, (2) target or “to be” environment, and (3) 
transition plan or strategy to move from the current to the target environment. Gov- 
ernmentwide requirements for having and using architectures to guide and con- 
strain IT investment decision making are also addressed in federal law and guid- 
ance. 38 Our experience with federal agencies has shown that attempts to transform 
IT environments without enterprise architectures often result in unconstrained in- 
vestment and systems that are duplicative and ineffective. Moreover, our February 
2002 report on the federal agencies’ use of enterprise architectures found that their 
use of enterprise architectures was a work in progress, with much to be accom- 
plished. 39 

DHS faces tremendous IT challenges because programs and agencies have been 
brought together in the new department from throughout the government, each with 
their own information systems. It will be a major undertaking to integrate these di- 
verse systems to enable effective information sharing among themselves, as well as 
with those outside the department. 

The Office of Homeland Security has acknowledged that an enterprise architecture 
is an important next step because it can help identify shortcomings and opportuni- 
ties in current homeland-security-related operations and systems, such as duplica- 
tive, inconsistent, or missing information. Furthermore, the President’s homeland 
security strategy identifies, among other things, the lack of an enterprise architec- 
ture as an impediment to DHS’s systems interoperating effectively and efficiently. 
Finally, the CIO of DHS has stated that the most important function of his office 
will be to design and help implement a national enterprise architecture that will 
guide the department’s investment in and use of IT. As part of its enterprise devel- 
opment efforts, the department has established working groups comprising state 
and local CIOs to ensure that it understands and represents their business proc- 
esses and strategies relevant to homeland security. In addition, OMB, in its current 
review of DHS’s redundant IT for consolidation and integration, has taken an initial 
first step to evaluate DHS’s component systems. 40 According to an official in the of- 
fice of the CIO, DHS has compiled an inventory of systems that represents its cur- 
rent enterprise architecture and will soon have a draft of its future enterprise archi- 
tecture. In addition, this official anticipates having a preliminary road map of the 
plan to transition to the future enterprise architecture in September 2003 and esti- 
mates that DHS will have the plan itself by next winter. 

In June 2002, we recommended that the federal government develop an architecture 
that defined the homeland security mission and the information, technologies, and 
approaches necessary to perform the mission in a way that was divorced from orga- 
nizational parochialism and cultural differences. 41 Specifically, we recommended 
that the architecture describe homeland security operations in both (1) logical 
terms, such as interrelated processes and activities, information needs and flows, 
and work locations and users; and (2) technical terms, such as hardware, software, 
data, communications, and security attributes and performance standards. We ob- 
served that a particularly critical function of a homeland security architecture would 
be to establish protocols and standards for data collection to ensure that data being 
collected were usable and interoperable and to tell people what they needed to col- 
lect and monitor. 

The CIO Council, OMB, and GAO have collaborated to produce guidance on the 
content, development, maintenance, and implementation of architectures that could 
be used in developing an architecture for DHS. 42 In April, we issued an executive 
guide on assessing and improving enterprise architecture management that extends 
this guidance. 43 


38 U.S. General Accounting Office, Business Systems Modernization: Longstanding Manage- 
ment and Oversight Weaknesses Continue to Put Investments at Risk, GAO-03-553T (Wash- 
ington, D.C.: Mar. 31, 2003). 

39 U.S, General Accounting Office, Information Technology: Enterprise Architecture Use across 
theFederal Government Can Be Improved, GAO— 02-6 (Washington, D.C.: Feb. 19, 2002). 

40 Office of Management and Budget, Reducing Redundant IT Infrastructure Related to 
HomelandSecurity, Memorandum for the Heads of Selected Departments and Agencies, July 19, 
2002, M— 02-12. 

41 GAO-02— 811T. 

42 See Chief Information Officer Council, A Practical Guide to Federal Enterprise Architecture, 
Version 1.0, (Washington, D.C.: Feb. 2001). 

43 U.S. General Accounting Office, Information Technology: A Framework for Assessing and 
Improving Enterprise Architecture Management (Version 1.1), GAO-03— 584G (Washington, D.C.: 
April 2003). 
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Investment and Acquisition Management Processes 

The Clinger-Cohen Act, federal guidance, and recognized best practices provide a 
framework for organizations to follow to effectively manage their IT investments. 
This involves having a single, corporate approach governing how an organization’s 
IT investment portfolio is selected, controlled, and evaluated across its various com- 
ponents, including assuring that each investment is aligned with the organization’s 
enterprise architecture. The lack of effective processes can lead to cost, schedule, 
and performance shortfalls, and in some cases, to failed system development efforts. 
We have issued numerous reports on investment and acquisition management chal- 
lenges at agencies now transferred into DHS, including INS. 

INS has had long-standing difficulty developing and fielding information systems to 
support its program operations. Since 1990, we have reported that INS managers 
and field officials did not have adequate, reliable, and timely information to effec- 
tively carry out the agency’s mission. For example, INS’s benefit fraud investiga- 
tions have been hampered by a lack of integrated information systems. 44 Also, INS’s 
alien address information could not be fully relied on to locate many aliens who 
were believed to be in the country and who might have knowledge that would assist 
the nation in its antiterrorism efforts. 45 Contributing to this situation was INS’s 
lack of written procedures and automated controls to help ensure that reported 
changes of address by aliens are recorded in all of INS’s automated databases. Our 
work has identified weaknesses in INS’s IT management capacities as the root 
cause of its system problems, and we have made recommendations to correct the 
weaknesses. INS has made progress in addressing our recommendations. 

In his written statement for a May 2003 hearing before the House Government Re- 
form Committee, the DHS CIO stated that IT investments, including mission-spe- 
cific investments, are receiving a departmentwide review. Benefits envisioned from 
this capital investment and control process include integrating information and 
identify and eliminating duplicate applications, gaps in information, and misalign- 
ments with business goals and objectives. 

Sound acquisition management is also central to accomplishing the department’s 
mission. One of the largest federal departments, DHS will potentially have one of 
the most extensive acquisition requirements in government. The new department is 
expected to acquire a broad range of technologies and services from private-sector 
companies. 

Moreover, DHS is faced with the challenge of integrating the procurement functions 
of many of its constituent programs and missions. Inherited challenges exist in sev- 
eral of the incoming agencies. For example, Customs has major procurement pro- 
grams under way that must be closely managed to ensure that it achieves expecta- 
tions. Despite some progress, we reported that Customs still lacks important acqui- 
sition management controls. 46 For its new import processing system, Customs has 
not begun to establish process controls for determining whether acquired software 
products and services satisfy contract requirements before acceptance, nor to estab- 
lish related controls for effective and efficient transfer of acquired software products 
to the support organization responsible for software maintenance. Agreeing with one 
of our recommendations, Customs continues to make progress and plans to establish 
effective acquisition process controls. 

Getting the most from its IT investment will depend on how well the department 
manages its acquisition activities. High-level attention to strong system and service 
acquisition management practices is critical to ensuring success. 

Information Security Challenges 

The Federal Information Security Management Act of 2002 (FISMA) requires fed- 
eral agencies to provide information security protections commensurate with the 
risk and magnitude of the harm resulting from unauthorized access, use, disclosure, 
disruption, modification, or destruction of information collected or maintained by or 
on behalf of the agency, and information systems used or operated by an agency or 
by a contractor of an agency or other organization on behalf of an agency. 47 Further, 
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the Homeland Security Act specifically requires DHS to establish procedures to en- 
sure the authorized use and the security and confidentiality of information shared 
with the department, including information on threats of terrorism against the 
United States; infrastructure or other vulnerabilities to terrorism; and threatened 
interference with, attack on, compromise of, or incapacitation of critical infrastruc- 
tures or protected systems by either physical or computer-based attack. However, 
establishing an effective information security program may present significant chal- 
lenges for DHS, which must bring together programs and agencies from throughout 
the government and integrate their diverse communications and information sys- 
tems to enable effective communication and information sharing both within and 
outside the department. 

Since 1996, we have reported that poor information security is a widespread prob- 
lem for the federal government, with potentially devastating consequences. 48 Fur- 
ther, we have identified information security as a governmentwide high-risk issue 
in reports to the Congress since 1997 — most recently in January 2003. 49 Although 
agencies have taken steps to redesign and strengthen their information system secu- 
rity programs, our analyses of information security at major federal agencies have 
shown that federal systems were not being adequately protected from computer- 
based threats, even though these systems process, store, and transmit enormous 
amounts of sensitive data and are indispensable to many federal agency operations. 
For the past several years, we have analyzed audit results for 24 of the largest fed- 
eral agencies, 50 and our latest analyses, of audit reports issued from October 2001 
through October 2002, continued to show significant weaknesses in federal computer 
systems that put critical operations and assets at risk. 51 In particular, we found 
that all 24 agencies had weaknesses in security program management, which is fun- 
damental to the appropriate selection and effectiveness of the other categories of 
controls and covers a range of activities related to understanding information secu- 
rity risks, selecting and implementing controls commensurate with risk, and ensur- 
ing that the controls implemented continue to operate effectively. In addition, we 
found that 22 of the 24 agencies had weaknesses in access controls — weaknesses 
that can make it possible for an individual or group to inappropriately modify, de- 
stroy, or disclose sensitive data or computer programs for purposes such as personal 
gain or sabotage, or in today’s increasingly interconnected computing environment, 
can expose an agency’s information and operations to attacks from remote locations 
all over the world by individuals with only minimal computer and telecommuni- 
cations resources and expertise. In April 2003, 52 we also reported that many agen- 
cies still had not established information security programs consistent with require- 
ments originally prescribed by government information security reform legislation 53 
and now permanently authorized by FISMA. 

Considering the sensitive and classified information to be maintained and shared 
by DHS, it is critical that the department implement federal information security 
requirements to ensure that its systems are appropriately assessed for risk and that 
adequate controls are implemented and working properly. Federal information secu- 
rity guidance, such as that issued by the National Institute of Standards and Tech- 
nology (NIST), can aid DHS in this process. For example, NIST has issued guidance 
to help agencies perform self-assessments of their information security programs, 
conduct risk assessments, and use metrics to determine the adequacy of in-place se- 
curity controls, policies, and procedures. 54 In addition, as we have previously re- 
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ported, agencies need more specific guidance on the controls that they need to im- 
plement to help ensure adequate protection. 55 Currently, agencies have wide discre- 
tion in deciding which computer security controls to implement and the level of rigor 
with which to enforce these controls. Although one set of specific controls will not 
be appropriate for all types of systems and data, our studies of best practices at 
leading organizations have shown that more specific guidance is important. 56 In 
particular, specific mandatory standards for varying risk levels can clarify expecta- 
tions for information protection, including audit criteria; provide a standard frame- 
work for assessing information security risk; help ensure that shared data are ap- 
propriately protected; and reduce demands for limited resources to independently 
develop security controls. Responding to this need, FISMA requires NIST to develop, 
for systems other than national security systems, (1) standards to be used by all 
agencies to categorize all of their information and information systems based on the 
objectives of providing appropriate levels of information security according to a 
range of risk levels; (2) guidelines recommending the types of information and infor- 
mation systems to be included in each category; and (3) minimum information secu- 
rity requirements for information and information systems in each category. 

DHS has identified implementing its information security program as a year-one ob- 
jective. In continuing these efforts, it is important that DHS consider establishing 
processes to annually review its information security program and to collect and re- 
port data on the program, as required by FISMA and OMB. 

Secure Communications Networks 

The Homeland Security Information Sharing Act, included in the Homeland Secu- 
rity Act of 2002, provides for the President to prescribe and implement procedures 
for federal agencies to share homeland security and classified information with oth- 
ers, such as state and local governments, through information sharing systems. Pro- 
visions of the act depict the type of information to be shared as that which reveals 
a threat of actual or potential attack or other hostile acts. Grand jury information; 
electronic, wire, or oral information; and foreign intelligence information are all in- 
cluded in these provisions. The National Strategy for Homeland Security also refers 
to the need for states to use a secure intranet to increase the flow of classified fed- 
eral information to state and local entities. According to the strategy, this network 
would provide a more effective way to share information about terrorists. The strat- 
egy also refers to putting into place a “collaborative classified enterprise environ- 
ment” to allow agencies to share information in their existing databases. 

To ensure the safe transmittal of sensitive, and, in some cases, classified, informa- 
tion vertically among everyone from intelligence entities, including the ClA, to local 
entities, such as those involved in emergency response and law enforcement, as well 
as horizontally across the same levels of government, requires developing and imple- 
menting communications networks with adequate security to protect the confiden- 
tiality, integrity, and availability of the transmitted information. Furthermore, these 
communications networks must be accessible to a variety of parties, from federal 
agencies to state and local government entities and some private entities. 

Secure networks for sharing sensitive information between state and federal entities 
have been implemented and are being used. For example, the National Law En- 
forcement Telecommunication System (NLETS) links all states and many federal 
agencies to the FBI’s National Crime Information Center (NCIC) network for the 
exchange of criminal justice information. Another law enforcement system called the 
Regional Information Sharing System (RISS) links thousands of local, state, and 
federal agencies to Regional Organized Crime Information Centers. Information 
sharing networks for the purpose of sharing sensitive information with some federal 
agencies also exist within the intelligence community. Other agencies are also en- 
gaged in efforts to provide homeland security networking and information manage- 
ment support for crisis management activities. Department of Defense officials have 
also stated that the Army National Guard’s network GuardNet, which was used to 
communicate among the states and the District of Columbia during the September 
11 terrorist attacks, is being considered for homeland security mission support. For 
several years, the states have also been working on efforts to establish an informa- 
tion architecture framework for government information systems integration. 

There also appear to be many new efforts under way to implement secure networks. 
In addition, according to the recently published the cyberspace security strategy, 
DHS intends to develop a national cyberspace security response system, the Cyber 
Warning Information Network (CWIN), to provide crisis management support to 
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government and nongovernment network operation centers. CWIN is envisioned as 
providing private and secure network communications for both government and in- 
dustry for the purpose of sharing cyber alert and warning information. Moreover, 
the National Communications System, one of the 22 entities that were merged into 
the DHS, has implemented a pilot system, the Global Early Warning Information 
System (GEWIS), which will measure how critical areas of the Internet are per- 
forming worldwide and then use that data to notify government, industry, and allies 
of impending cyber attacks or possible disturbances. 

It was also recently reported that the Justice Department and the FBI are expand- 
ing two existing sensitive but unclassified law enforcement networks to share home- 
land security information across all levels of government. When fully deployed, their 
Antiterrorism Information Exchange (ATIX) will provide law enforcement agencies 
at all levels access to information. Law enforcement agencies also can use ATIX to 
distribute security alerts to private-sector organizations and public officials who lack 
security clearances. Users, who will have different access levels on a need-to-know 
basis, will include a broad range of public safety and infrastructure organizations, 
including businesses that have homeland security concerns and duties. They will 
have access to a secure E-mail system via a secure Intranet, which the FBI and 
DHS will use to deliver alerts to ATIX users. The FBI and other federal agencies, 
including DHS, will link to ATIX via Law Enforcement Online, the bureau’s system 
for sensitive-but-unclassified law enforcement data that provides an encrypted com- 
munications service for law enforcement agencies on a virtual private nefwork. The 
second Department of Justice and FBI network, the Multistate Antiterrorism Re- 
gional Information Exchange System, will enable crime analysts working on ter- 
rorism investigations to quickly check a broad range of criminal databases main- 
tained by federal, state, and local agencies. 

DHS reportedly is establishing secure videoconferencing links with emergency oper- 
ations centers in all 50 states, as well as two territories and the District of Colum- 
bia. Also, the DHS CIO has stated that a major initiative in implementing the de- 
partment’s IT strategy for providing the right information to the right people at ah 
times is establishing the DHS Information Sharing Network Pilot project. Moreover, 
he sets 2005 as a milestone for DHS to build a “network of networks.” However, 
at this time, we do not have information on these projects or the extent to which 
they will rely on existing networks. It is also not clear how the DHS “network of 
networks” architecture will work with the state architecture being developed by the 
National Association of State CIOs. 

Managing Performance 

As we have previously reported, 57 the new department has the challenge of devel- 
oping a national homeland security performance focus, which relies on related na- 
tional and agency strategic and performance planning efforts of the Office of Home- 
land Security, OMB, and the other departments and agencies. Indeed, the individual 
planning activities of the various component departments and agencies represent a 
good start in the development of this focus. However, our past work on implementa- 
tion of the Government Performance and Results Act (GPRA) has highlighted ongo- 
ing difficulty with many federal departments and agencies setting adequate per- 
formance goals, objectives, and targets. Accordingly, attention is needed to devel- 
oping and achieving appropriate performance expectations and measures for infor- 
mation sharing and in ensuring that there is linkage between DHS’s plans, other 
agencies’ plans, and the national strategies regarding information sharing. Ensuring 
these capabilities and linkages will be vital in establishing comprehensive planning 
and accountability mechanisms that will not only guide DHS’s efforts but also help 
assess how well they are really working. 

As we previously reported, 58 one of the barriers that the new department faces in 
establishing effective homeland security is interagency cooperation, which is largely 
attributed to “turf’ issues among the 22 component agencies subsumed by the new 
department. Strong and sustained commitment of agency leaders would provide per- 
formance incentives to managers and staff to break down cultural resistance and 
encourage more effective information sharing pertaining to homeland security. 
Moreover, agency leaders have a wide range of tools at their disposal for enforcing 
and rewarding cooperative efforts, including performance bonuses for senior execu- 
tives and incentive award programs for staff. 

Our studies of other cross-cutting federal services with similar “turf’ problems have 
also shown that agency performance plans, which are required by GPRA, offer a 
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good avenue for developing incentives to cooperate. Specifically, agencies can set up 
goals in their performance plans for participation in cross-cutting programs and re- 
port on their progress in meeting these goals to the Congress. The Congress could 
also build similar incentives into budget resolutions. 

Shared programmatic goals and metrics would also encourage cooperation and co- 
ordination. Agencies subsumed by DHS should all participate in the development 
of goals, milestones, and metrics to measure progress and success, and such indica- 
tors should be clearly articulated and endorsed by senior management. Such goals 
and metrics must be carefully chosen since how performance is measured greatly 
influences the nature of the performance itself; poorly chosen metrics may lead to 
unintended or counterproductive results. However, visible, clearly articulated and 
carefully chosen shared goals and metrics can effectively overcome “turf’ issues. De- 
veloping metrics to measure the success of these activities is critical to ensuring a 
successful effort. Similar indicators more directly related to information sharing 
could be developed. 

Emphasizing Human Capital 

Human capital is another critical ingredient required for ensuring successful infor- 
mation sharing for homeland security. The cornerstones to effective human capital 
planning include leadership; strategic human capital planning; acquiring, devel- 
oping, and retaining talent; and building results-oriented organizational cultures. 
The homeland security and intelligence communities must include these factors in 
their management approach in order to benefit from effective collaboration in this 
critical time. 

As we have previously reported, the governmentwide increase in homeland security 
activities has created a demand for personnel with skills in areas such as IT, foreign 
language proficiencies, and law enforcement, without whom critical information has 
less chance of being shared, analyzed, integrated, and disseminated in a timely, ef- 
fective manner . 59 We specifically reported that shortages in staffing at some agen- 
cies had exacerbated backlogs in intelligence and other information, adversely af- 
fecting agency operations and hindering U.S. military, law enforcement, intelligence, 
counterterrorism, and diplomatic efforts . 60 

We have also previously reported that some of the agencies that moved into DHS 
have long-standing human capital problems that will need to be addressed. One of 
these challenges has been the ability to hire and retain a talented and motivated 
staff. For example, we reported that INS has been unable to reach its program goals 
in large part because of such staffing problems as hiring shortfalls and agent attri- 
tion . 61 We also reported that several INS functions have been affected by the lack 
of a staff resource allocation model to identify staffing needs . 62 We concluded then 
that it was likely that increased attention to the enforcement of immigration laws 
and border control would test the capacity of DHS to hire large numbers of inspec- 
tors for work at our nation’s border entry points. Moreover, we reported that other 
agencies being integrated into DHS were also expected to experience challenges in 
hiring security workers and inspectors. For example, we reported that the Agri- 
culture Department, the Customs Service, INS, and other agencies were all simulta- 
neously seeking to increase the size of their inspections staffs . 63 

To overcome its significant human capital shortfalls, DHS must develop a com- 
prehensive strategy capable of ensuring that the new department can acquire, de- 
velop, and retain the skills and talents needed to prevent and protect against ter- 
rorism. This requires identifying skill needs; attracting people with scarce skills into 
government jobs; melding diverse compensation systems to support the new depart- 
ment’s many needs; and establishing a performance-oriented, accountable culture 
that promotes employee involvement and empowerment. In February, the DHS CIO 
acknowledged the lack of properly skilled IT staff within the component agencies. 
Challenges facing DHS in this area, he stated, include overcoming political and cul- 
tural barriers, leveraging cultural beliefs and diversity to achieve collaborative 
change, and recruiting and retaining skilled IT workers. He acknowledged that the 
department would have to evaluate the talent and skills of its IT workforce to iden- 
tify existing skill gaps. He further stated that a critical component of DHS’s IT stra- 
tegic plan would address the actions needed to train, reskill, or acquire the nec- 
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essary skills to achieve a world-class workforce. He committed to working closely 
with the department’s Chief Human Capital Officer and with the Office of Personnel 
Management to achieve this goal. He set July 2003 as a milestone for developing 
a current inventory of IT skills, resources, and positions and September 2003 as the 
targeted date for developing an action plan. 


Ensuring Institutional Oversight 

It is important to note that accountability is also a critical factor in ensuring the 
success of the new department. The oversight entities of the executive branch — in- 
cluding the inspectors general, OMB, and the Office of Homeland Security — have a 
vital role to play in ensuring expected performance and accountability. Likewise, 
congressional committees and GAO, as the investigative arm of the legislative 
branch, with their long-term and broad institutional roles, also have roles to play 
in overseeing that the new department meets the demands of its homeland security 
mission. 


In summary, information sharing with and between all levels of government and the 
private sector must become an integral part of everyday operations if we are to be 
able to identify terrorist threats and protect against attack. As such, information 
sharing is an essential part of DHS’s responsibilities and is critical to achieving its 
mission. To implement these responsibilities, DHS will need to develop effective in- 
formation sharing systems and other information sharing mechanisms. The depart- 
ment will also need to develop strategies to address other challenges in establishing 
its organization and information architecture and in developing effective working re- 
lationships, cooperation, and trust with other federal agencies, state and local gov- 
ernments, and the private sector. 

Messrs. Chairmen, this concludes my statement. I would be happy to answer any 
questions that you or members of the subcommittees may have at this time. 
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Initial Blackout Timeline 


August 14, 2003 Outage 
Sequence of Events 
U.S./Canada Power Outage Task Force 
September 12, 2003 


This is an outline of significant physical and electrical events that occurred in a nar- 
row window of time, before and during the cascade that led to the blackout of Au- 
gust 14, 2003. This outline reviews events beginning at approximately noon on that 
day, to provide a "picture" of the sequence of events and how the grid situation 
evolved over the afternoon. It focuses chiefly on events that occurred on major trans- 
mission facilities (230 kilovolts and greater) and at large power plants. 

This outline does not attempt to present or explain the linkages between the se- 
quences of events that are described. Determining those linkages will require addi- 
tional intensive analysis over the weeks to come. In the coming weeks, our experts 
will continue to analyze data from: 

• the thousands of transmission line events that occurred on the 138 kV system and 
on lower voltage lines over the severnl hours before and during the grid’s collapse 

• the hundreds of events related to power plant internctions with the grid during 
this period 

• the conditions and operntions on the grid before noon. Many things happened well 
before noon — including reactive power and voltage problems and flow patterns 
across several states — that may be relevant in a causal sense to the blackout. 

• any actions taken, or not taken, by system operators prior to or during the outage. 

The U.S. Canada Power Outage Task Force investigation is looking at all of the 
above factors and more in order to refine these data and dig deeper into what hap- 
pened and why. 

This timeline is not intended to indicate and should not be assumed to explain why 
the blackout happened, only to provide an early picture of what happened. It is not 
intended to indicate and should not be assumed to assign fault or culpability for the 
blackout. Determining the specific causes of these failures requires a thorough and 
professional investigation, which the bi-national investigative team has undertaken. 
The above concerns and explanations will be addressed in future reports prepared 
by the investigative team and issued by the Joint U.S.lCanada Task Force. 

Note: The information in this report is based on what is known about the August 
14, 2003 blackout as of September 11, 2003, and is subject to change based on fur- 
ther investigation of this event. 
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Initial Blackout Timeline 


August 14, 2003 Outage 
Sequence of Events 


This report provides the sequence of some of the significant events that led to the blackout of the electric 
systems in the Mid-west and Northeast United States and eastern Canada on August 14, 2003. This 
explanation is intended to provide a general understanding of how the blackout evolved; it does not 
include every detail that is relevant and necessary to fully understand the root causes of the blackout. 
Such details are within the thousands of records of data that need further analysis. Those data records 
include circuit breaker operations, power plant startups and shutdowns, voltage changes, power flow 
shifts, and load shedding. A joint team from the United States and Canada is conducting a thorough 
investigation of the blackout and will provide appropriate details in a future report. 

Event Times 

The times listed in this summary were derived from the “time stamp” that accompanied each data record. 
Whenever a circuit breaker opens to disconnect a transmission line or closes to reconnect a line, or 
generating unit is brought on line or off, or voltage exceeds a specified limit, the time that event occurred 
is recorded to the nearest second (and sometimes to the fraction of a second). 

In some cases, the investigators discovered that these time stamps were not accurate because the 
computers that recorded the information became backlogged, or the clocks from which the time stamps 
were derived had not been calibrated to the national time standard. Investigators must determine which 
events are accurately time-stamped, and build from those events to cross-check other system events from 
multiple sources to verify the precise time for each event, Some of these events are still not known to the 
exact second. 

All times in the chronology are in Eastern Daylight Time. 

Voltage Collapse 

One of the characteristics of the August 14 blackout was an apparent “voltage collapse” that occurred on 
portions of the transmission system surrounding and within the northern Ohio and eastern Michigan load 
centers. Transmission system voltage is needed to transfer electric power from the generation stations to 
the load centers, and is somewhat similar in function to water main pressure. Reactive power is the 
component of total power that assists in maintaining proper voltages across the power system. Sufficient 
voltage is maintained by supplying the transmission system with reactive power from generating stations 
and static devices called capacitors. Lightly- loaded transmission lines also provide reactive power and 
help sustain system voltage. Conversely, customer loads such as motors and other electromagnetic 
devices consume reactive power, as do heavily loaded transmission lines. Therefore, as transmission lines 
become more heavily loaded, they consume more of the reactive power needed to maintain proper 
transmission voltage. 

Reactive power cannot travel long distances because it meets considerable resistance over the 
transmission lines. Therefore, reactive power sources need to be close to the point of reactive power 
demand — for example, near the load centers. When heavily loaded transmission lines disconnect, the 
lines that remain in service automaticaBy pick up portions of flow from the disconnected line, which 
increases the reactive power consumed by these lines. When reactive supply is limited, the increased 
loading will cause a voltage drop along the line. If reactive supply is not provided at the end of the line, 
the voltage could fall precipitously. At that point, the transmission system can no longer transfer electric 
power from distant generation to energy users in load centers. 


- 2 - 
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Initial Blackout Timeline 


In some instances, the reactive power demand within an area is too great for the local generating units to 
supply. In those cases, the units can trip offline (automatic separation or shut-down), either from reactive 
power overload, or because the system voltage has become too low to provide power to the generators’ 
own auxiliary equipment, such as fans, coal pulverizers, and pumps. 

The power system is designed to ensure that if conditions on the grid (excessive or inadequate voltage, 
apparent impedance or frequency) threaten the safe operation of the transmission lines or power plants, 
the threatened equipment automatically separates from the network to protect itself from physical 
damage. Physical damage, if allowed to occur, would make restoration more difficult and much more 
expensive. 

Pre-blackout Conditions 

Most of the events that appear to have contributed to the blackout occurred during the period from about 
noon EDT until 4: 1 3 p.m. EDT. Generation and transmission operating events plus scheduled interchange 
through the systems in the region may have affected events later in the day. The investigators are studying 
these events beginning at 8 a.m. on August 14 to determine whether they were significant to the blackout. 

Map Key 

The key on the right explains the lines and symbols on 
the maps that accompany this description of events. An 
“open path” or “open line” means that one or more 
transmission lines can no longer carry electricity 
between two areas; a “generator trip” means the 
generator separates from the grid and stops producing 
electricity. 

Events Leading to the Blackout 


12:05:44 - 1:31:34 PM - Generator trips 

1 . 12:05:44 - Conesville Unit 5 (rating 375 MW) 

2. 1:14:04 - Greenwood Unit 1 (rating 785 MW) 

3. 1 :3 1 :34 - Eastlake Unit 5 (rating: 597 MW) 

Conesville plant is in central Ohio and Greenwood 
plant is north of the Detroit area. Greenwood Unit 1 
tripped at 1 : 14:04 and returned to service at 1 :57. 
Eastlake Unit 5 is in northern Ohio along the southern 
shore of Lake Erie and is connected to the 345 kV 
transmission system. These generating unit trips 
(shutdowns) caused the electric power flow pattern to 
change over the transmission system. 


Events 

_ — • Line opening 

— — Path opening 

• Generator trip 
Event number 






Transmission Lines 

765 kV 

500 kV 

345 kV 

— 230 kV 
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initial Blackout Timeline 


2:02 PM - Transmission line disconnects in southwestern Ohio 

4. Stuart - Atlanta 345 kV 

This line is part of the transmission pathway from 
southwestern Ohio into northern Ohio. It 
disconnected from the system due to a brush fire 
under a portion of the line. Hot gases from a fire can 
ionize the air above a transmission line, causing the 
air to conduct electricity and short-circuit the 
conductors. 


3:05:41 - 3:41:33 PM - Transmission lines disconnect between eastern Ohio and 
northern Ohio 

5. 3:05:41 - Harding-Chamberlain 345 kV 

6. 3:32:03 - Hanna-Juniper 345 kV 

7. 3:4 1 :33 — Star-South Canton 345 kV 

These three transmission lines are part of the pathway 
into northern Ohio from eastern Ohio. At this time, 
the reason for the Harding-Chamberlain line going 
out of service is unknown. The Hanna-Juniper line 
contacted a tree, creating a short-circuit to ground that 
caused the line to disconnect itself. The Star-South 
Canton line had disconnected and reclosed twice 
earlier in the day, but the significance of those events 
is not yet clear. 

With these lines disconnected, the effectiveness of the 
transmission path from eastern Ohio into the northern 
been flowing over these lines instantly began flowing over other transmission lines, including the 
underlying 138 kV systems, that connect northern Ohio to the grid. However, this new power flow pattern 
began to overload those other lines as well. As voltage was dropping, demand of about 600 MW 
disconnected in the northern Ohio area from industrial customers (whose motors dropped offline due to 
low voltage) and distribution- level customers who were disconnected automatically from the 138 and 69 
kV transmission system. 
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Initial Blackout Timeline _____ , , 

3:45:33 - 4:08:58 PM - Remaining transmission lines disconnect from eastern into 
northern Ohio 

8. 3:45:33 - Canton CentraHidd 345 kV 

9. 4:06:03 - Sammis-Star 345 kV 

Canton CentrakTidd disconnected at 3:45:33 and 
reconnected 58 seconds later. However, the Canton 
Central 345/138 kV transformers disconnected and 
did not reconnect, isolating the 138 kV system from 
the 345 kV support at the Canton Central 
substation. The Sammis-Star 345 kV line then 
disconnected at 4:06:03, which completely blocked 
the 345 kV path into northern Ohio from eastern 
Ohio. This left only three paths for power to flow 
into northern Ohio: 1) from northeastern Ohio and 
Pennsylvania around the southern shore of Lake 
Erie, 2) from southern Ohio (recall, however, that 
part of that pathway was severed following the 
Stuart- Atlanta line trip at 2:02), and 3) from eastern Michigan. This also substantially weakened northeast 
Ohio as a source of power to eastern Michigan, making the Detroit area more reliant on the west-east 
Michigan lines and the same southern and western Ohio transmission lines. 

During the period 3:42:49-4:08:58, multiple 138 kV lines across northern Ohio disconnected themselves. 
This blacked out Akron and the areas west and south. 

4:08:58 - 4:10:27 PM - Transmission lines into northwestern Ohio disconnect, and 
generation trips in central Michigan 

10. 4:08:58 - Galion-Ohio Central-Muskingum 345 
kV 

1 1. 4:09:06 - East Lima-Fostoria Central 345 kV 

12. 4:09:23-4:10:27 - Kinder Morgan (rating: 500 
MW; loaded to 200 MW) 

When the Galion-Ohio Central-Muskingum and 
East Lima-Fostoria Central transmission lines 
disconnected, this blocked the transmission paths 
from southern and western Ohio into northern Ohio 
and eastern Michigan. Thus the combined northern 
Ohio and eastern Michigan load centers were 
connected only by the transmission lines from: 1) 
northeastern Ohio and Pennsylvania along the 
southern shore of Lake Erie; 2) western Michigan 
via the west-east lines that cross the state; and 3) Ontario. Eastern Michigan was connected to northern 
Ohio only by three 345 kV transmission lines near the southwestern bend of Lake Erie. 

The Kinder Morgan generating unit tripped (shut down) in central Michigan (loaded to 200 MW). 




- 5 - 





190 


Initial Blackout Timeline 


Power flows became heavy from Indiana and over the west-east Michigan transmission lines to serve 
loads in eastern Michigan and northern Ohio, 

The reduced transmission capacity serving the northern Ohio load centers resulted in the transmission 
voltage becoming depressed in that area as load exceeded the rapidly declining power delivery capability. 

At about 4:09, the Eastern Interconnection frequency rose by 0.020 - 0.027 Hz, which represents a 
demand loss in the range of 700 - 950 MW. 

4:10:00 - 4:10:38 PM - Transmission lines disconnect across Michigan and northern 
Ohio, generation trips off line in northern Michigan and northern Ohio, and northern 
Ohio separates from 
Pennsylvania 

13. 4:10 - Harding-Fox 345 kV 

14. 4:10:04 - 4:10:45 -Twenty 
generators along Lake Erie in 
northern Ohio (loaded to 2 1 74 
MW total) 

15. 4:10:37- West-East Michigan 
345 kV 

16. 4:10:38 -Midland 
Cogeneration Venture (loaded 
to 1265 MW) 

17. 4:10:38 -Transmission system 
separates northwest of Detroit 

18. 4:10:38 - Perry- Ashtabula -Erie 
West 345 kV 

Twenty generators (loaded to 2174 
MW) tripped off line along Lake 
Erie during the period 4: 10:04 - 
4:10:45. The loss of this generation 
increased the power flows into the 
northern Ohio and eastern Michigan 
load centers on the remaining paths, 
which included the west-east 
transmission lines that cross 
Michigan. 

The west-east Michigan 345 kV paths then disconnected at 4:10:37, leaving eastern Michigan connected 
by only a circuitous path around northern Michigan that disconnected one second later, and the 
connections to Ontario and northern Ohio. Investigators are still studying the power flows that resulted. 



At 4:10:38, the Midland Cogeneration Venture (MCV), loaded to 1265 MW, tripped offline. 
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Initial Blackout Timeline 


The MCV generation trip imposed heavier flows on the remaining transmission system, and left eastern 
Michigan and northern Ohio with very depressed voltages. The remaining transmission paths into the 
Detroit area from the northwest separated. 

At 4:10:38, the Perry-Ashtabula-Erie West 345 kV transmission line tripped, severing the path into the 
northern Ohio area from Pennsylvania along the southern shore of Lake Erie. 

Summary of the Situation at 4:10:38 

When the Perry-Ashtabula-Erie West 345 kV transmission line disconnected at 4:10:38, the entire eastern 
Michigan and northern Ohio load centers had little generation left available to them and the voltage was 
declining. The only connection between those load centers and the rest of the Eastern Interconnection was 
at the interface between the Michigan and Ontario systems. Also, the frequency was declining in northern 
Ohio in those areas that had separated from the Interconnection. 

When the transmission lines along the southern shore of Lake Erie disconnected, the power that had been 
flowing along that path immediately reversed direction and began flowing in a giant loop 
counterclockwise from Pennsylvania to New York to Ontario and into Michigan, 



We now turn our attention to the Pennsylvania, New York, Ontario, Quebec, and Maritimes areas. 
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Initial Blackout Timeline 


4:10:40 - 4:10:44 PM - Four transmission lines disconnect between Pennsylvania and 
New York 

19. 4: 10:40 - Homer City-Watercure Road 345 kV 

20. 4:10:40 - Homer City-Stolle Road 345 kV 

21. 4:10:41 - South Ripley-Dunkirk 230 kV 

22. 4:10:44 - East Towanda-Hillside 230 kV 



Responding to the surge of energy flowing north out of Pennsylvania through New Y ork and Ontario into 
Michigan, these four lines disconnected within four seconds of one another and separated Pennsylvania 
from New York. 

At this point, the northern part of the Eastern Interconnection (which still included the rapidly dwindling 
load in eastern Michigan and northern Ohio) remained connected to the rest of the Interconnection at only 
two locations: 1) in the east through the ties between New York and New Jersey, and 2) in the west 
through the 230 kV transmission line between Ontario, Manitoba, and Minnesota, 

Heavy power flows were moving northward over the New Y ork-New Jersey ties. 
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Initial Blackout Timeline 


4:10:41 PM - Transmission line disconnects and generation trips in northern Ohio 

23. Fostoria Central-Gallon 345 kV 

24. Perry 1 nuclear unit (rated 1252 MW) 

25. Avon Lake 9 unit (rated 616 MW) 

26. Beaver-Davis Besse 345 kV 

The Fostoria Central-Galion line forms part 
of the pathway from central to northern 
Ohio. That path was already blocked by the 
combination of the Galion-Muskingum- 
Ohio Central line disconnecting at 4:08:58, 
and the East Lima-Fostoria Central line 
disconnecting at 4:09:06. 

Perry 1 nuclear unit, located on the southern 
shore of Lake Erie near the border with 
Pennsylvania, and Avon Lake 9, located 
near Cleveland, tripped offline at virtually 
the same time. 

When the Beaver-Davis Besse 345 kV line, 
which connects the Cleveland and Toledo 
areas, disconnected, it left the Cleveland 
area isolated from the Eastern 
Interconnection. Cleveland area load was disconnected first by automatic underfrequency load shedding, 
and finally by the disconnection of the transmission lines. 





194 


Initial Blackout Timeline 


4: 1 0:42 - 4: 1 0:45 PM - Transmission paths disconnect in northern Ontario and New 
Jersey, isolating the northeast portion of the Eastern Interconnection 

27. 4:10:42 - Campbell unit 3 (rated 820 MW) trips 

28. 4:10:43 - Keith-Waterman 230 kV 

29. 4:10:45 - Wawa-Marathon 230 kV 

30. 4:10:45 - Branchburg-Ramapo 500 kV 



At 4:10:43, eastern Michigan was still connected to Ontario, but the Keith-Waterman 230 kV line that 
forms part of that interface disconnected. 

At 4:10:45, the Ontario system separated when the Wawa-Marathon 230 kV line disconnected along the 
northern shore of Lake Superior. The portion of Ontario to the west of Wawa remained connected to 
Manitoba and Minnesota. 

At the same time, the Branchburg-Ramapo 500 kV line was now the remaining link between the Eastern 
Interconnection and the area ultimately affected by the blackout, and that line disconnected at 4:10:45 
along with the underlying 230 and 138 kV ties in New Jersey. This left the northern part of New Jersey 
connected to New York. Pennsylvania and the remainder of New Jersey remained connected to the 
Eastern Interconnection. 

At this point, the Eastern Interconnection was split into two sections separated by an east-to-west line. To 
the north of that line was New York City, northern New Jersey, New York, New England, the Maritime 
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Initial Blackout Timeline 


provinces, eastern Michigan, the majority of Ontario, plus the Quebec system. To the south of that line 
was the rest of the Eastern Interconnection, which was not affected by the blackout. 


4:10:46 - 4:10:55 PM - New York splits east-to-west. New England (except 
southwestern Connecticut) and the Maritimes separate from New York and remain 
intact. 



During the next nine seconds, several separations occurred between the areas in the northern section of 
the Eastern Interconnection. 

31. 4:10:46- 4:10:55 - New York-New England transmission lines disconnect 

The ties between New York and New England disconnected during this period, and most of the New 
England area became an island with generation and demand balanced close enough that it could remain 
operational. However, southwestern Connecticut was separated from New England and remained tied to 
the New York system for about one minute. 

32. 4:10:48 - New York transmission splits east-west. 

The transmission system in New York split along an east-west line, with northern New Jersey and 
southwestern Connecticut connected to the eastern part of the New York system, and Ontario and eastern 
Michigan connected to the western part. During the next second, Ontario and New York would separate, 
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Initial Blackout Timeline 


with 15% of the demand across New York state disconnected automatically. About 2500 MW of Ontario 
demand automatically disconnected as Ontario attempted to rebalance its system. 

4:10:50-4:11:57 PM - Ontario separates from New York west of Niagara Falls and 
west of St. Lawrence. Southwestern Connecticut separates from New York and blacks 
out. 

33. 4: 10:50- The Ontario system just west of Niagara Falls and west of St. Lawrence separates from New 
York. 

34. 4: 1 1 :22 - Long Mountain - Plum Tree 345 kV 

35. 4:11 :57 - Remaining transmissio n lines between Ontario and eastern Michigan separate 



The Ontario-New York separation at 4:10:50 left New York’s and Ontario’s large hydro and some 
thermal generators at Niagara and St. Lawrence, as well as the 765 kV and direct current interties with 
Quebec, connected to the New York system, supporting the demand in upstate New York just south of 
Lake Ontario. Three of the transmission circuits near Niagara automatically reconnected Ontario to New 
York at 4: 1 0:56. Another 4500 MW of Ontario demand automatically disconnected. At 4: 1 1 : 1 0, the 
Niagara lines disconnected again, and New York and Ontario again separated. Most of Ontario blacked 
out after this separation, leaving 22,500 MW of demand disconnected out of a total demand of about 
24,000 MW. The eastern New York island blacked out with only scattered small pockets of service 
remaining. The western New York island continued to serve about 50% of the demand in that island. 
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When Long Mountain-Plum Tree (connected to Pleasant Valley substation in New York) disconnected, it 
left southwestern Connecticut connected to New York only through the 138 kV cable that crosses Long 
Island Sound. About 500 MW of southwest Connecticut demand was disconnected by automatic grid 
operations. Twenty-two seconds later the Long Island Sound cable disconnected, islanding southwest 
Connecticut and blacking it out. 

4:13 PM - Cascading sequence essentially complete 



The major portion of the northern section of the Eastern Interconnection (the area within the dotted line in 
the map above) was blacked out. 

Some isolated areas of generation and load remained on line for several minutes. Some of those areas in 
which a close generation-demand balance could be maintained remained operational; other generators 
ultimately tripped off line and the areas they served were blacked out. 

One relatively large island remained in operation serving about 5700 MW of demand, mostly in western 
New York. This service was maintained by generating stations south of Lake Ontario with Ontario 
generators at Niagara and St. Lawrence as well as the 765 kV and DC interties with Quebec. This island 
formed the basis for restoration in both New York and Ontario. 
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Initial Blackout Timeline 


Conclusion 

This sequence of events for the August 14, 2003 blackout summarizes some of the many significant 
events that occurred before and during this widespread and complex system failure. It reflects events that 
have been identified and verified as of September 10, 2003. Much more data collection, analysis, and 
research must be completed before the Joint United States-Canada Power Outage Task Force will be able 
to state with confidence exactly what happened and why it happened. Our understanding of the events 
described here, and of those not yet folly catalogued, may change as the investigation progresses. The 
Task Force’s future reports will include a more detailed timeline, and will address the causal relationships 
among these events. 
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Mr. Sessions. I thank the gentleman for his testimony. 

At this time I would yield to the gentleman from Michigan, Mr. 
Camp, for such time as he may consume. 

Mr. Camp. I thank the Chairman for yielding. 

Colonel McDaniel, it was certainly a trying time for all of us in 
Michigan. I want to thank you for your role in what I know were 
difficult days. My question was, in your role as homeland security 
adviser to the governor and as adjutant general for homeland secu- 
rity, what do you think, from your perspective, and also from the 
perspective of the State of Michigan, what do you think are the 
most important factors we should weigh as a committee in terms 
of how to prevent something like this from happening again, and 
also how to deal with it? You mentioned some of that in your testi- 
mony, but what do you think are the most critical things we ought 
to think about? 

Colonel McDaniel. Thank you very much for this opportunity. 

I am not sure that I can give you any real direction at this point 
on how to prevent it from happening again without really knowing 
the causes of it. Certainly, though, there are a number of lessons 
that we can take a way from it. First of all is the old military tru- 
ism that no operational plan survives the first contact with the 
enemy. I think it was very important that we had a state response 
plan in place, that we had exercised that plan on a number of occa- 
sions, that everybody knew their role, and that therefore even 
though we had, frankly, new players in some of the roles, that ev- 
erybody was able to step right in and work that plan because we 
had already exercised it earlier this year. 

Secondly, the issue of communications is always going to be one 
that has to, no matter what the event is, communications is always 
going to be a key factor, no matter what way it goes. So I think 
that having some sort of redundant communication system is really 
vitally important. Thirdly, we are still in the early stages of having 
the states and the Department of Homeland Security work to- 
gether, and that is a role that we need to really, really flesh out 
the skeleton of that plan, I think. 

Mr. Camp. How well did the states communicate with each other 
during that time? And also, the Canadian provinces? And did the 
federal government have any role in facilitating that? 

Colonel McDaniel. There really was not much communications 
between states at that point. I really think that when you look at 
this type of event, that that is the role for the Department of 
Homeland Security or the Department of Energy. We need to focus 
on the response, on the consequence management. I think that 
they can do the 30,000-foot view and say, first of all, is this man- 
made or is natural? If it is manmade, is it intentional? If it is not, 
is it still ongoing? What are the parameters? What other resources 
need to be brought to bear? They can do that overall view, and we 
can focus on what our state resources are and what other resources 
might be necessary. 

Mr. Camp. What affect did the blackout have on fire, police, med- 
ical emergency personnel that you could discuss, and were there 
telecommunications problems particularly? 

Colonel McDaniel. Right. As I indicated briefly in my testimony, 
Mr. Chairman, there were a number of problems that we had. 
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Number one, traffic signals not functioning is one of those problems 
that we should have taken care of years ago. I think that that real- 
ly highlights an important need, because right there you have first 
responders diverted from where they might be needed to doing a 
fairly mundane traffic control function. 

Secondly, it was interesting to see that a lot of first responders 
at our local units were relying upon cell phones that did not have 
an adequate radio system, and a number of cell towers did not 
have backup systems that worked. 

If I could just follow up briefly, almost every type of critical infra- 
structure that should have a generator did have some sort of gener- 
ator. However, getting back to my comment about the plans not 
surviving first contact, they had not tested those generators under 
load, so we had a lot of generators that just didn’t work. They 
might have fired them up before, but they never tested them under 
a load and actually had them producing electricity. If this had con- 
tinued, I think we would have had a problem with the amount of 
energy necessary for those generators. We were starting to get calls 
from both hospitals and some of the utilities wanting to know if we 
could help them find kerosene diesel, whatever they needed for 
their generators. 

Mr. Camp. Thank you for your testimony. I appreciate you com- 
ing out and helping the committee understand some of the con- 
cerns that went on during August. I appreciate that very much. 

Colonel McDaniel. Thank you for the opportunity. 

Mr. Camp. Thank you. 

Mr. Sessions. The gentlewoman from the Virgin Islands, Ms. 
Christensen, is now recognized. 

Mrs. Christensen. Thank you, Mr. Chairman, and I want to 
thank the panelists. As we suspected, this would have been a really 
good test of our ability to deal with a terrorist attack, even though 
the at least to date it has not been shown to do that. Mr. McDaniel, 
a number of states like yours, as well as industries, have made sig- 
nificant progress in comprehensively assessing their own critical in- 
frastructure vulnerabilities. What leadership role, if any, has the 
Department of Homeland provided in terms of guidance and assist- 
ance in those efforts? Or have you been doing it pretty much on 
your own without a framework and without the guidance? 

Colonel McDaniel. No. Thank you for that question, because it 
is a good news-bad news sort of thing. We are still working towards 
that common goal. In some respects, it was last summer, July of 
2002, that the Department of Homeland Security sponsored a crit- 
ical infrastructure evaluation workshop put on by the Rand Cor- 
poration for all of the states which was very well received. They 
have given us technical support. They have given us coordination. 
So early on it was recognized that we needed a common framework 
in terms of how we would evaluate our critical infrastructure. 

However, the bad news end of it is we are not there yet. The As- 
sistant Secretary for the Department of Homeland Security pointed 
out that they recognized certain infrastructure that they believed 
were critical and needed protection during Iraqi Freedom-Liberty 
Shield. I would say only that those critical infrastructure that they 
identified and made known to the state may or may not have been 
the same ones that the states had identified. So this is still an on- 
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going process that needs to be worked through. As I said earlier, 
we are in the process of doing our strategic needs assessment spon- 
sored by the Office of Domestic Preparedness. I think that is a vital 
first step towards coming up with a truly national plan for the pro- 
tection of critical infrastructure. 

Mrs. Christensen. Thank you. 

Mr. Dacey, I was interested in some of your comments and some 
of the parts of the report that talked about the private sector. Tra- 
ditionally, that sector is resistant to increased governmental regu- 
lation, of course, and argues that market incentives will drive need- 
ed changes. Do you think that the market would, in the absence 
of another terrorist attack, increase security practices for the in- 
dustry? And if not, what incentives do you think are needed to 
drive the industry to invest in increased security? 

Mr. Dacey. What we have said at the General Accounting Office 
is essentially that when the CIP effort started in 1998, there was 
a call for an assessment by sector of what were the appropriate 
public policy tools, if any, that were necessary to get the coopera- 
tion and participation of the private sector. I think what we have 
said consistently is that needs to happen. In looking at several of 
the sectors earlier this year when we reported, there really had not 
been extensive efforts taking place to perform that assessment. 
That could range anywhere from providing research and develop- 
ment, from providing education and awareness grants, tax incen- 
tives, or regulation. 

So we don’t really say which of those should be done, but really 
that an analysis needs to be performed to consider what would be 
the appropriate incentives for those sectors to increase their par- 
ticipation in the program. I think also part of that is there is a 
need for the department to clearly state what their expectations 
are and the level of security, and send them to the private sector 
to determine whether or not they can meet those standards or ex- 
pectations. I think that needs to happen as well to identify if there 
is any difference between the two. 

Mrs. Christensen. Thank you. 

Thank you, Mr. Chairman. 

Mr. Sessions. I thank the gentlewoman. 

The gentleman from Pennsylvania is now recognized. 

Mr. Weldon. Thank you, Mr. Chairman. Let me thank you both 
for coming in. I want to focus my comments and questions basically 
on one area of the GAO report, because GAO reports typically be- 
come very important tools for Members of Congress, especially in 
the context of going back and looking at how we deal with threats 
and the approaches that are used. I really have a problem with the 
section of the report starting on page 30, Analysis and Warning Ca- 
pabilities Need to be Improved. I agree with that statement. But 
on page 33, Mr. Dacey, you allow the FBI and its Director to 
present the case that somehow technology was not available prior 
to 9-11 to do data-mining and data analysis. 

Let me tell you something, I am not going to sit here and let that 
happen, because the facts just don’t bear that out. In July when 
I chaired the House Defense R&D Subcommittee, on July 30, 1999, 
after looking at the Army’s extensive LEWA you know what the 
LEWA is, their CERT down at Fort Belvoir. The Army developed 
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a capability that was cutting-edge, and that was to not just do in- 
formation dominance on their systems, but to also use those sys- 
tems, using tools like those developed by Battelle Labs, Starlight 
and Spires and others, to do data-mining and data analysis. They 
were on cutting-edge of that in the late 1990s, in 1997, 1998, and 

1999. We put additional money in to allow them to accomplish 
that. 

In July of 1999, I wrote to Deputy Secretary of Defense John 
Hamre. I said, “John, you have to look at this capability because 
it has tremendous implications for us to monitor external threats 
and to bring that together and assimilate it.” He went down. He 
agreed with me. I had done some test work with him on an assess- 
ment of a person who was involved in the ending of the Yugo- 
slavian war. From that, we put together a briefing in 1999 that I 
have a copy of, that basically outlined a national operations and 
analysis hub, a national data-mining center that would bring to- 
gether all 33 classified systems of the federal government, all 33 
classified systems. John Hamre said, “Congressman, I agree with 
you. I will pay for it. But you have to get the other agencies, the 
FBI, and the CIA, to agree, and that is a tremendous turf battle.” 

So John Hamre suggested to me that I convene a meeting in my 
office with his counterparts from the CIA and the FBI. In the fall 
of 2000, I did that. I had Deputy Secretary of Defense John Hamre, 
the deputy head of the FBI and the deputy director of the CIA in 
my office for an hour. We went over this initiative. We said we 
have to have better access to coordinate intelligence information so 
that we can see the bigger picture of what is occurring. And the 
CIA and the FBI, that are now trying to take credit for it in 2002 
in saying there was no capability, in 2000 said, “We don’t need it; 
we don’t need that capability.” 

So it is important that GAO go back for the record, and I am 
going to ask unanimous consent to put this documentation in the 
record. 

Mr. Sessions. Without objection, it will be accepted into the 
record. 

Information is in the committee files. 

Mr. Weldon. As well as news articles that ran in 1999 and 2000 
that the GAO should have been aware of, that it was a major pri- 
ority of this Congress that we establish an integration of data-min- 
ing and data analysis to avoid what happened on September 11, 
2001. If we had done that back in 1999, if we had done that in 

2000, we would have had a capability to pull the pieces together 
that in your report the FBI director in 2002 says, “Enhanced ana- 
lytical data- mining capacity that was not then available.” That is 
wrong. Raytheon had that capability. Busity Visioneering had it. 
The Army was using it down at the Fort Belvoir LEWA Center, 
and so was Special Forces, Special Operations Command down in 
Florida. They set up a mini-version of this analysis capability. In 
fact, before 9-11, they had a complete profile of al Qaeda, a com- 
plete profile by doing the data analysis that the FBI and the CIA 
say we don’t need. 

I think it is important because these agencies now want to re- 
write history. They want to have us believe that they couldn’t have 
done things before 9-11 because the technology wasn’t there. That 
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is wrong. And in the record, I will put the facts to bear out before 
the comments of the head of the CIA or the FBI. The fact that you 
put that in the GAO report, this becomes like a Bible, like “oh, 
well, that is the case; there was no technology.” I would ask you 
for the record to correct that, and I will give you all the documenta- 
tion to back that up. 

Mr. Dacey. I appreciate that. I will go back to check through our 
records as well, but I believe that references the fact not that it 
wasn’t available, but that they did not have that capacity. 

Mr. Weldon. No, what he said in the record, which was not re- 
futed by the GAO, was it was not available. And I would also ask 
you to put in the record in two successive defense bills, language 
that we inserted that called for a national collaborative information 
analysis capability in 2 successive years. I mean, the GAO had to 
know that. It is a part of the record of defense authorization bills 
that we pass each year. I want to show the fact that the Congress 
as far back as 1999 and 2000 was clearly aware of what you are 
saying is a top priority now. We knew this was the case, not after 
9—11, before 9—11. 

Mr. Dacey. Right. And our work related to that was before 9— 
11 where we identified that these needs need to be filled and they 
didn’t have them at the time. 

Mr. Weldon. I just would ask you to correct for the record the 
fact that the Congress did not allow the FBI to try to rewrite his- 
tory to make it appear as though there was no technology avail- 
able. Those software systems by Battelle were done back in the 
mid-to late-1990s. They were clearly available to the FBI and the 
CIA before 2002. For the director to say that they weren’t available 
is just technically inaccurate. 

Thank you. 

Mr. Sessions. I would like to inquire upon you, Colonel 
McDaniel, at the time you gave your original testimony you talked 
about at the border on the Canadian side, at what would be the 
equivalent of the United States Customs was not online and able 
to process, yet the United States Customs, at least that bridge 
there in Michigan was able to process those things. Was this off of 
generators? Was this off a well- executed plan? Was this off a 
backup? Or did they simply not go down? 

Colonel McDaniel. They switched to generators, the U.S. Cus- 
toms and the bridge itself. It is a privately owned bridge. Those 
two systems switched to generators themselves, and so there was 
a momentary blip. I just talked to them 2 days ago to confirm this. 
They held their breath to make sure the commuter systems didn’t 
knock out. They didn’t. Everything was ready to go and continued. 

That bridge is obviously the auto industry’s biggest in terms of 
free trade, and with the auto industry and the parts going back 
and forth, that is the most crucial crossing that we have. So it 
turned out, of course, the auto industry was down because of the 
loss of power as well. If not, though, again, it is the cascading ef- 
fects that I tried to indicate in my written testimony that could 
have been worse there. 

Mr. Sessions. The things which you have done within the State 
of Michigan to be in preparation for this event and many others, 
did it include this specific type of circumstance or was this some- 
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thing that was reasonably new and you treated as a real live exer- 
cise? 

Colonel McDaniel. First of all, we absolutely did treat it as a 
real live exercise. Everybody in the state emergency operations cen- 
ter realized that it was a great opportunity to make sure that the 
plan worked. This was included in the plan. This was one of the 
potential events that might have occurred as a result of the millen- 
nium changeover that people were worried about, so that everybody 
was fairly ready. We could just pull the plan off the shelf and dust 
it off a little bit. So we were prepared for this potential event. 

Mr. Sessions. At the time that you talked about the communica- 
tions plans and the things that you felt that the communication 
was good back and forth, did within the State of Michigan, did you 
ever receive an indication before the blackouts occurred that there 
was a problem that you should be prepared or was that held within 
the power plants or did they communicate back and forth? 

Colonel McDaniel. My understanding, and of course you are get- 
ting outside my area of expertise, but my understanding is that 
there were events that afternoon prior to the outage. We were not 
aware of those low-voltage type events at the state EOC, at the 
emergency management division of the state police or at the Na- 
tional Guard or at the governor’s office. We were not aware of those 
events, and I do not believe the Public Service Commission, our 
regulatory agency for utilities was either. If we had been, it may 
have made a difference. I would be speculating to say that, but we 
could at least use some form of communication to the general pub- 
lic if we knew that was happening, rather than try and jerry -rig 
a system for getting the message out to the public after the fact. 
What we do is, Michigan State University is right there. It is large 
enough that it has its own power plant, not just generators, so that 
they can generate. They have a turbine hooked up to the boiler, in 
essence, so they generate enough power that we can send out a TV 
signal to the other TV signal receivers outside of the affected area 
and get the message out from the governor that way. But for hav- 
ing that system in place and having it almost immediately avail- 
able, we may not have been able to get the message out to the gen- 
eral public as easily as we did. Certainly, I think that there should 
be some sort of emergency alert system that is in place, that is 
working from DHS down to the public, as well as to the state agen- 
cies themselves. Within the last week or so, I received a letter from 
the director of NOAA that went out to all the state homeland secu- 
rity advisers indicating that NOAA was going to be the primary 
agency to get the message out to the general public. I have not 
seen any acknowledgement of this as of yet from the Department 
of Homeland Security. 

Mr. Sessions. Can you give me a sense of what happened on the 
ground in Michigan in terms of people’s TVs going out, TV stations 
going out, radios going out, telephones going out? Was there a time 
frame or a timing delay that could have caused a lot of panic and 
chaos between the time that the TV station came on from the uni- 
versity? 

Colonel McDaniel. This was early enough in the afternoon that 
it was still certainly daylight out, so the people had plenty of time 
to respond and prepare for the evening hours and try to stock up 
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at the stores, if they had not done that already. However, there 
was an immediate loss of electricity. For the radio and TV stations, 
there was a loss momentarily until the ones that had backup gen- 
erators worked. Obviously, a lot of people did not have old-fash- 
ioned phones. Everybody’s phone is portable, a hand-held device 
which requires electricity these days, or a cell device, and not all 
of those towers worked. So there were a number of instances where 
the communication systems were more reliant on electricity than 
we believed that they would be. Again, even those radio and TV 
stations that had generators, the generators didn’t work because 
they had never been tested. So they weren’t ready to work under 
load. They weren’t the right capacity generator. And then the other 
problem, as I said, was 24 hours later they were staring to run out 
of power. Both TV and radio, as well as the telephone companies, 
were calling as well. 

Mr. Sessions. It seems, at least to this member that perhaps 
part of our emergency preparedness plan should be, please, if you 
are a consumer, turn off anything that you don’t reasonably need 
except a TV or a radio or something else. Did that becomes a glar- 
ing point to you and the people in Michigan at the time that this 
occurred because of the load factor? 

Colonel McDaniel. Absolutely. I apologize. I meant to mention 
that before, both in terms of the use of electricity and the use of 
water. This was a very hot day in the summer where the usage on 
the Detroit water system was almost a billion gallons a day. The 
system, even after it came back up on generators, could only han- 
dle about 400 million gallons per day. If we had had a method, if 
we had some sort of warning that this was going to happen, and 
could have gotten out to decrease your electricity, decrease your 
water use ahead of time, it probably would have made it easier for 
the system to come back on. 

Mr. Sessions. Had you seen brown-outs that had been occurring? 
I think we have gotten used to hearing the term “brown-outs” or 
rolling brown periods that have occurred. Was that seen at all a 
day or two or hours before? 

Colonel McDaniel. No, there was no indication like that. 

Mr. Sessions. No indication at all? 

Thank you. 

Mr. Dacey, you have heard a great deal of testimony today from 
any number of witnesses and I believe that probably you have a 
bird’s eye view of a lot of the things that we have talked about that 
you have studied before today. Could you have seen this coming? 
Could you have seen the response? Was this predictable with how 
these things happen, not that the event happened, but the re- 
sponse? And what would be your analysis of that, because from this 
member’s perspective, I was generally pleased with the lack of 
chaos that was exhibited all across the power grid, where it went 
down, by people. I felt like that elected officials and others were 
prepared and that they really did a good job. 

What would be your evaluation from looking at it now if you had 
gone back and were offering as just a prediction? 

Mr. Dacey. In terms of whether the whole process could have 
been foreseen, I guess that gets back to some of the earlier discus- 
sion. I think we are making progress based upon Mr. Liscouski’s 
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testimony in really identifying some of the vulnerabilities in these 
infrastructures. We heard other testimony about the states doing 
efforts as well. I think that is critical, as well as the interdepend- 
encies, which we talked about earlier today. Because until we fully 
understand those, it is going to be very difficult to understand 
what are the implications, what happens next. I think just based 
upon a personal perspective, not based upon our security work, I 
was very pleased that nothing more serious happened than did. 
But in terms of again, projecting that, I don’t know if that would 
have been possible. We are now discussing some of the kind of 
things though that may have contributed in terms of the capacity 
of our transmission lines. Those are all really a part of a vulner- 
ability analysis and assessment that needs to be done across all of 
the infrastructures to decide what are critical points in those infra- 
structures. Do we have weaknesses or vulnerabilities? What is the 
cost to fix those, and how are you going to pay for those? I think 
that is the critical lesson to learn here in the process and that 
needs to be done. Again, there are efforts in that direction, but 
there is ways to go. 

Mr. Sessions. I thank the gentleman. 

At this time, the Chairman would like to not only thank both of 
you for being here today, but in particular Colonel McDaniel, I note 
from your resume that you have spent 18 years with the Michigan 
National Guard. This member is not only proud of your service, but 
also the other men and women who serve in the Guard, all across 
this great nation. You are a shining example of the type of people 
who serve this great nation. I want to thank you for your service, 
not only today and to the State of Michigan, but also to this nation 
for that which you do. 

So I would like to thank both panels at this time for their partici- 
pation. 

The chair notes that some members may have additional ques- 
tions for this panel, which they may wish to submit in writing. 
Without objection, the hearing record will remain open for 10 days 
for members to submit written questions to these witnesses and to 
place their responses in the record. 

There being no further business, I again thank the members of 
both the Cyber Security, Science Research and Development Sub- 
committee and the Infrastructure and Border Security Sub- 
committee and to our witnesses today. 

The hearing is now adjourned. 

[Whereupon, at 5:29 p.m., the subcommittee was adjourned.] 
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APPENDIX 

Material Submitted for the Record 

Questions and Responses Submitted for the Record by James R. Langevin 

September 4, 2003 

There has been widespread concern in the industry and on the local level that 
DHS is not putting nearly enough effort into sharing information outside the De- 
partment. The Undersecretary for Information Analysis and Infrastructure Protec- 
tion has not made any indication as to what priority DHS places on infrastructure 
protection. California and New York were the first states to identify their critical 
infrastructure, and several smaller states are following suit. Critical infrastructure 
typically includes the electrical grid, water supply, communications/telephone lines 
and bridges or tunnels. Unfortunately, once states bave accomplished this, there has 
not been much support from DHS on what the next step is. 

Question: a. What role has the Department of Homeland Security played in 
providing information, promoting information exchange across sectors, or 
assisting with solutions for problems common to critical infrastructure in- 
dustry? Has this role been sufficient? Could it be improved? If so, how? In 
particular, do you believe that those who need to know have the proper in- 
formation regarding potential threats, so that they can allocate resources 
and improve protection in the right places? 

McCarthy Response: 

The Department is addressing the issue of information sharing through two mech- 
anisms: the Information Analysis & Infrastructure Protection Directorate, and the 
Department’s Office of the Private Sector Liaison. 

The Information Analysis & Infrastructure Protection Directorate (IAIP) has 
taken the lead on promoting information sharing across sectors. Its overall goal is 
to provide the private sector with “actionable intelligence” — timely, accurate infor- 
mation that can help apprehend terrorists and prevent their attacks. To that end, 
the IAIP recently established the National Cyber Security Division (NCSD), a 24 x 
7 cyber “watchdog” that will provide analysis, alerts, and warnings, as well as im- 
proving information sharing. In the life span of the Department, the NCSD is rel- 
atively young, but we look forward to its continued growth and progress in the days 
and months to come. 

The Office of the Private Sector Liaison is another key component to strength- 
ening the public-private partnerships. Through Albert Martinez-Fonts, the Liaison’s 
office provides businesses with a direct line into the Department. It acts both as an 
advocate for the private sector, by informing the Secretary of its concerns, and as 
a clearinghouse, by directing businesses to the appropriate agency or directorate. 
With so many of our critical infrastructures owned and operated by private entities, 
this office will play a pivotal role in ensuring that both sides know exactly what 
is at stake. 

One of the Liaison’s main services is coordinating with ISACs, trade associations, 
and businesses whenever there is a change in the threat level. The Liaison provides 
guidelines and suggestions to private sector entities, so they may properly respond 
to the changes. Additionally, the Liaison clarifies liability and compliance issues to 
those businesses affected by new homeland security laws or regulations. Over time, 
it is expected that both the IAIP and the Office of the Private Sector Liaison will 
experience increased efficiency. 

Orszag Response: 

Private-sector representatives regularly tell me that they do not receive useful 
guidance or information from the Department of Homeland Security. That is part 
of a broader problem: The Department has been moving much too slowly to spur 
homeland security activity in the private sector. As my co-authors and I discuss in 
Protecting the American Homeland, designing appropriate incentives for private 
firms to undertake homeland security investments is among the most difficult chal- 
lenges in the homeland security area. In the two years since September 11th, we 
have failed to move aggressively enough in tackling this challenge. 

Watson Response: 

To date, DHS has not established an efficient, comprehensive mechanism to com- 
municate changes in homeland security alert warning levels. However, by absorbing 
the National Communications System (NCS) and continuing to support its associ- 
ated Telecom ISAC work, DHS has provided daily updates and periodic summaries 
of relevant information affecting most critical infrastructure sectors. These reports 
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are informative and include links or contact information so that recipients can fol- 
low up to learn more details as required. In addition, DHS forwards information 
from Telecom ISAC members, government agencies, and other ISACs regarding new 
threats, anomalous activity, or advisories of immediate concern to critical infrastruc- 
ture owners and operators. The cooperation across the leading ISACs has improved 
steadily over the last year, and the DHS/NCS effort has been a major part of that 
cooperation. Until DHS puts together a comprehensive information sharing strategy 
and architecture in collaboration with the private sector, the existing solution will 
continue to be inadequate, serving neither the private nor public sector well. 

Even though DHS has promoted information exchange across sectors by hosting 
meetings of the ISAC Council (ad hoc council of the leadership of the 10 largest in- 
dustry ISACs), and meets regularly with the critical infrastructure Sector Coordina- 
tors to learn of sector and cross-sector requirements that require DHS assistance, 
it has not developed a comprehensive architecture describing the functions, relation- 
ships, and mechanisms for information sharing in coordination with the critical sec- 
tors. I would encourage a much more robust effort by DHS with Sector Coordina- 
tors, ISAC entities, and those representing critical infrastructure operations to de- 
velop and implement a full-function architecture. An attempt by DHS to independ- 
ently craft a comprehensive approach without the commitment of the private sector 
that manages most of the critical infrastructures is doomed to failure. 

Has DHS assisted with solutions? It is probably too early to answer this com- 
pletely. DHS has established a dialog with Sector Coordinators and the ISACs, 
hosted the Homeland Security Standards Panel of the American National Standards 
Institute (ANSI HSSP), and is beginning to help in the development of sophisticated 
modeling and public-private exercises to determine requirements and then develop 
solutions. 

Has this role been sufficient? By what measure? If the question is whether DHS 
efforts have been sufficient to solve critical infrastructure problems, the answer is 
no. If the question is whether DHS has met expectations given the short life of the 
department, its learning curve, and the as-yet undefined set of requirements from 
industry, the answer is a qualified yes. 

Even though the Marsh Commission (President’s Commission on Critical Infra- 
structure Protection) clearly identified the problem five years ago, and Federal gov- 
ernment and industry stakeholders had accomplished a great deal since, the very 
act of reorganizing all the Federal agencies involved in critical infrastructure protec- 
tion, installing an entirely new set of leaders, and refining requirements through 
three new national strategy documents has brought early progress nearly to a halt. 
DHS has done very well to work through this turmoil to get things moving again. 

Could DHS’s role in information sharing be improved? Absolutely. 

Industry Sector Coordinators must be expeditiously identified for those new sec- 
tors added in the National Strategy for Homeland Security. The role of Sector Coor- 
dinator must be defined, promoted, and socialized at all levels of government and 
the critical infrastructure industries. The Sector Coordinators should be a first point 
of contact for information. An effort should be made to tailor homeland security 
alert levels to sectors or regions, rather than confuse everyone by publishing a one 
size fits all color code that few can use practically. Before being absorbed by DHS, 
the Critical Infrastructure Assurance Office (CIAO) developed and conducted Project 
Matrix, which methodically identified critical assets and dependencies within and 
across all Federal departments and agencies. What has become of Project Matrix? 
If its methodology was sound, could it be used by critical infrastructure sectors in 
a similar way? 

Sectors generally have extensive knowledge of their critical assets, but not of their 
critical dependencies on other sectors, or detailed knowledge of others’ dependencies 
on them. This knowledge deficit could be partially remediated by modeling inter- 
dependencies and conducting exercises designed to highlight interdependencies, 
identify regional stakeholders, resulting in comprehensive cross-sector contingency 
plans. Sector Coordinators and their representatives should be involved in the cre- 
ation, design, development, and leadership of these exercises and models, rather 
than simply be invited as observers or last-minute add-on participants. 

Do the right people have enough information regarding potential threats to prop- 
erly allocate resources? Resource allocation is part of risk management decisions. I 
think DHS has the correct strategy here. Specifically, stakeholders need to under- 
stand the nature of critical vulnerabilities in sectors and the scope of potential im- 
pacts if exploited; consider these vulnerabilities in the context of intelligence, under- 
standing threat and adversary capabilities; then make judgments on what protective 
actions should be prioritized. More structured engagement with the private sector 
on identification of critical vulnerabilities needs to be developed. This is more about 
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getting the right people together from each sector in organized effort than about a 
simulation task. 

Except for a few specific instances, when industry stakeholders are given access 
to government classified information on threats, the information is insufficient to be 
actionable. In those instances when DHS learns of specific information that could 
help a single sector or company defend itself, it has been very proactive in getting 
that information to the right people as soon as possible. Rather than attempt to 
learn more about who or why someone or some group might target American critical 
infrastructures, I recommend greater efforts in vulnerability and interdependency 
analysis in order to get at the how and what could be done. Industry should lead 
in development of defense-in-depth technologies and procedures, with support and 
coordination provided by the government. The greatest progress toward a secure 
critical infrastructure can be made by hardening infrastructure protocols and imple- 
menting industry best practices. This is why I repeatedly stress the importance of 
research, modeling, and exercises. 

Question: b. One issue that has been raised is the private sector not shar- 
ing information on vulnerabilities with each other or government due to 
FOIA concerns. How do you think we can work around this stumbling 
block? One suggestion is to set up a national center to monitor critical in- 
frastructure where information could be sent confidentially (would classi- 
fication help); another is to strengthen the information sharing and anal- 
ysis centers’ and their relationship to DHS. What do you see as the advan- 
tages and disadvantages to either of these approaches? Is there a better 
way to spur sharing relationships so that the right people can be talking 
about these problems before they happen rather than after? 

McCarthy Response: 

The GMU CIP Project held an ISAC Conference on August 11, 2003. The overall 
topic was “Information Sharing and Analysis Centers: Defining the Business Case.” 
Participants included representatives from almost every critical sector, the ISACs, 
and members of federal and state governments. The result of this conference is a 
White Paper, including findings and recommendations, which is attached to this 
document. 

One of the questions the Conference strove to answer was “What is government’s 
role and responsibility to promote ISAC functionality and growth?” Overall, industry 
looks to government for cooperation in information sharing. The relationship should 
be embodied by a dynamic, two-way process: ISACs can share operational informa- 
tion, while the government provides timely intelligence and data analysis. This col- 
laborative process would strengthen the ISAC relationship with government, and 
perhaps encourage more meaningful sharing on both sides. 

Orszag Response: 

I share the concern that extant rules on disclosure, including FOIA and FACA, 
may limit the degree of useful information sharing that occurs between the private 
sector and the government. However, I lack sufficient expertise in the area to pro- 
vide specific recommendations to you. 

Watson Response: 

Industry is encouraged by the inclusion in the Homeland Security Act of a specific 
exemption to FOIA for critical infrastructure information (CII) voluntarily shared 
with DHS. With that provision, one obstacle to sharing vulnerability information 
with the Federal government has been removed. Additional barriers such as anti- 
trust, liability, relevance, applicability, fairness, and competitive issues need to be 
addressed as well. 

Follow-on efforts must be made with the 50 states and foreign governments to en- 
sure that non-Federal jurisdictions can protect information from American compa- 
nies as well, or they should only obtain CII information from DHS where it is pro- 
tected as CII.. 

The idea of a national critical infrastructure information center, as opposed to 
strengthening and coordinating with the various ISACs, has both advantages and 
disadvantages. On the positive side, it would provide a single clearinghouse for all 
critical infrastructure information, simplifying the job of government in knowing 
whom to contact or where to go. On the negative side, it would add a bureaucratic 
layer, potentially dramatically slowing the flow information into and from the Fed- 
eral government. Such a center would require special expertise from each of the crit- 
ical sectors, access to industry ISACs, robust, secure communications capabilities 
with DHS and other relevant Federal departments and agencies, and equally robust, 
secure, and rapid communications capabilities with state and local governments and 
first responders. It could also create a target and a vulnerability due to the cen- 
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tralization of its information. Sensitive information is often compartmentalized and 
not centralized. 

There is no one size fits all solution. Sector Coordinators, in collaboration with 
DHS, should establish the information sharing mechanisms preferred by each sec- 
tor. Industry is deriving value from the existing ISACs, and I believe they will con- 
tinue to evolve, maturing into reliable, timely clearinghouses of great benefit to 
their sectors. Because of the heterogeneous nature of the sectors, any universal ap- 
proach will not achieve the full goals intended by the original recommendations of 
the original President’s Commission. As such, I do not support the idea of a Super 
ISAC beyond the current cooperative model developed through collaboration by the 
sectors and DHS. DHS has a legitimate need for certain information. The more spe- 
cifically DHS can state information requirements, the more likely the department 
would receive it. DHS should be identifying the categories of information they would 
like to see for specific critical DHS functions from the private sector and then let 
the private sector determine if and what information can be provided. Again, a more 
structured approach communicated to the private sector would go a long way. 

The National Infrastructure Advisory Council (NIAC) will be submitting rec- 
ommendations to the President soon on Vulnerability Disclosure Guidance and En- 
hancing Information Sharing. The NIAC includes key critical infrastructure cor- 
porate, state and local leaders, and has been very inclusive of Sector Coordinators 
and the ISACs as it has developed its guidance. The National Security Tele- 
communications Advisory Committee (NST AC) will also be submitting rec- 
ommendations to the President on Barriers to Information Sharing. I respectfully 
advise the Committee to review these recommendations to develop appropriate pub- 
lic policy. 

c. Mr. McCarthy, one of your graduate students recently received a fair 
amount of national notoriety for mapping the fiber-optic network that con- 
nects every business and industrial sector in the American economy. 

Question: i) Could you discuss that project and it’s potential impact in 
further detail? “What was the response it received from national secu- 
rity officials and owners of critical infrastructure? Did the DHS com- 
ment on it? 

Question: ii) In light of this achievement, has DHS been able to produce 
a comprehensive national critical infrastructure and key asset list, 
database, or map? If so, can you describe its progress? In your esti- 
mation, how long would it take for DHS to perform a comprehensive 
national assessment of critical infrastructure and compile a com- 
prehensive national list ? What impediments exist to getting this done? 
What would it take for the DHS to produce an "integrated critical infra- 
structure and key asset geospatial database" as envisioned in the Na- 
tional Strategy for the Physical Protection of Critical Infrastructures 
and Key Assets? Once it was completed, what would be the best use of 
such a database? 

McCarthy Response: 

i) Sean Gorman, a graduate student in George Mason University’s School of Pub- 
lic Policy has spent the past four years mapping the nation’s fiber-optic network and 
the industrial sectors that are linked to it. The map was created by mining publicly 
available information and combining it with mathematics to create a geospatial rep- 
resentation of our nation’s communications infrastructure. This project is the basis 
for Mr. Gorman’s PhD thesis. 

This experience has taught us how to do this kind of research and how to reach 
out to various government agencies, make it available to them, and also expand our 
understanding and the body of knowledge. Meetings with appropriate stakeholders 
allowed the research project to set up some guidelines of what would be a good idea 
to publish and what wouldn’t, and to set up a structure to look at what was and 
wasn’t sensitive. 

The research itself is focused on methods used to further the research commu- 
nity’s understanding in the areas of Spatial Small Worlds and Network Theory. A 
by-product of this research is information that may be useful to government agen- 
cies in protecting our homeland; this portion of the research has been shared with 
the appropriate agencies. As soon as the project was proposed, the need to study 
these systems in terms of their impact to our National Security, National Economic 
Security, Public Health and Safety, and Public Confidence was apparent. This re- 
search has as an objective to evaluate these systems to understand their: 

Reliability — stability of existing systems and parts of systems 
Redundancy — alternatives identified in advance of disruption 
Resiliency — how fast can it systems can be restored after disruption 
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Vulnerability — economic, social, and societal impact of system disruptions 

All of these questions need to be answered in order to manage priorities in direct- 
ing safety activities in any diverse and spatial distributed system. Sources of poten- 
tial disruption are natural disaster (floods, hurricanes, tornadoes, earthquakes, etc.), 
technological problems including (fires, short circuits, etc.) or terrorist attack. While 
each of these types of potential disruptions are important, the need to better under- 
stand the probability and implications of deliberate attacks has only recently be- 
come an area of serious academic research. This kind of work is vital to managing 
the Nation’s critical information infrastructure assets. 

ii) Mr. Gorman’s work, although comprehensive, deals with only one small piece 
of the nation’s key assets and critical infrastructures. Robert Liscouski, DHS Assist- 
ant Secretary for Infrastructure Protection, has pointed out that it could take years 
to create a comprehensive risk assessment database.. There are thirteen defined 
critical infrastructures, plus five key asset categories. The issue is not one of specific 
impediments or delays, but rather that the process is necessarily complex if it is 
to be comprehensive. Such a project will require intense, prolonged focus to be com- 
plete and accurate. 

Responses to Questions for the Record submitted by the Honorable Jim 

Turner 

September 4, 2003 

For all witnesses: 

Question: 1 . In your opinion, which of our critical infrastructure sectors 
pose the greatest national security concern, in terms of risk of attack, vul- 
nerability to attack, and potential consequences? Please rank — in relative 
order starting with the highest concern — the top five critical infrastructure 
sectors that you believe pose the greatest risk. Briefly discuss the reasons 
for your selections and rankings. 

McCarthy Response: 

It is impracticable to quantify which critical infrastructure is most important, or 
“of greatest national security concern.” One key aspect of the criticality of a par- 
ticular infrastructure, or set of infrastructures, may arise from physical aspects of 
siting, collocation, uniqueness and shortages of equipments, volatility of infrastruc- 
ture components or materials, or the logistical or supply chain impact of loss of a 
critical path process. These aspects of criticality are loosely identifiable from geo- 
graphic or spatial economic analyses in conjunction with interruption of service ac- 
tions. Other key aspects of criticality of particular infrastructures, or sets of infra- 
structures, may result from interdependency between systems, cascading effects due 
to disruptions moving through interdependent infrastructure configurations, or sys- 
tem conditions reaching states of threshold failure. This would be the case where 
one infrastructure system fails because another infrastructure did not deliver its an- 
ticipated inputs, due to a lack of capacity or unfulfilled demand. With so many vari- 
ables to consider, and so much data to weigh and process, I cannot say with any 
confidence that any infrastructure is any more critical or vulnerable than any other. 
The focus should be on maintaining robust systems for all critical infrastructures. 

Orszag Response: 

Although I am hesitant to select five sectors and then rank them, one sector clear- 
ly warrants immediate attention: the chemical industry. It is now more than two 
years after September 11th and more than a full year after Secretary Ridge wrote 
in the Washington Post that voluntary efforts were not sufficient to provide the 
proper level of security in the chemical industry. Yet nothing has happened to force 
chemical facilities to move beyond voluntary efforts. The continue lack of adequate 
security measures at the nation’s chemical facilities, as vividly demonstrated in a 
recent 60 Minutes expose, is astonishing. 

Watson Response: 

I do not believe there is a single sector that is most critical. The PCCIP (Marsh 
Commission) got it right when it identified eight sectors as critical to the operation 
of government and the well-being of our citizens, their dependence on computer net- 
works, and their interdependence. Successfully attacking any of the critical infra- 
structures would have cascading effects on multiple others. The problem, and the 
risk, is that these dependencies are still poorly understood. I do believe that the sec- 
tor definitions need to be refined the original eight may accurately identify the most 
critical industry areas, but the sector definitions do not necessarily agree with how 
industry understands and organizes itself. For example, telecommunications (or 
communications) and IT are very different industries, but were grouped as a single 
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sector by the PCCIP. Also, electric power and oil and gas were identified as two sec- 
tors by the PCCIP, but most energy companies produce and provide both forms of 
energy. 

Criticality must also be defined. Is it important to know what the immediate ef- 
fects of a sector specific outage are on other sectors, or the long-term impact, if sus- 
tained? Does criticality include financial impact, cost of recovery, and effect on con- 
sumer confidence, or is it simply limited to the ability to conduct business in the 
affected sector? 

A strong argument can be made that telecommunications is the most critical in- 
frastructure, since it typically is the one other critical infrastructure sectors cannot 
work around. For electric power, backup generators can be employed for a time; 
water tanks can be provisioned; but no viable alternative to telecom is typically 
available. However, in terms of attack, many focus on transportation and IT because 
they are the infrastructures that can most easily be converted into offensive weap- 
ons. 

All that said, the NIAC Interdependency and Risk Assessment Working Group 
submitted its final report to NIAC members October 14, 2003. That report included 
results of a survey of Sector Coordinators and key infrastructure owners and opera- 
tors regarding their top dependencies. Respondents were asked to list the top three 
sectors on which they depend, and the top three sectors that depend on them. In 
terms of short-term dependencies, the overall top three were 1) telecommunications 
and IT, 2) electricity, and 3) transportation. However, adding long-term impacts 
broadens the list of critical dependencies. Without financial services, business comes 
to a grinding halt in a matter of days. Without safe food, clean drinking water, and 
available health care, public health also reaches a crisis in days. Without emergency 
police, fire, and medical services, the ability to respond and contain emergencies is 
severely impacted. Long-term impacts of transportation failures are far more severe 
than the short term. 

Rauscher Response: 

With brief reflection on which of the nation’s critical infrastructure sectors poses 
the greatest national security concern, one could identify the financial sector — be- 
cause it has been the target of past attacks, or the communications sector — because 
of it’s vital role in the operations of all sectors, or the energy sector — because of its 
foundational role as enabler for all other sectors. However, with the stakes being 
what they are, considerably more discussion is needed. My most useful guidance to 
the Committee is a review of the underlying method of identifying where the real 
greatest concern is. 

Ranking infrastructure sectors is difficult, and can be misleading without speci- 
fying prioritizing parameters. By definition, each critical infrastructure sector is in- 
herently critical. Also, each sector has direct and indirect dependencies on the other 
sectors. In fact, there are intricate webs of dependencies threaded throughout these 
sectors. In addition to this complexity, some dependencies are new or are otherwise 
not well understood. 

The question of which infrastructure sectors are at most risk of attack is deferred 
to those responsible to gather and process the information that can support such 
insights. Vulnerabilities and consequences are addressed below. 

Which critical infrastructure sector poses the greatest national security concern, 
in terms of vulnerability to attack? The sector that poses the greatest national secu- 
rity concern is the one that does not have a comprehensive list of its vulnerabilities 
based on the intrinsic attributes of its basic building blocks, and does not have a 
systematic framework for effectively covering these vulnerabilities. An impact on 
anyone sector can have a domino effect on all of the other sectors 

All of our critical national infrastructure sectors have vulnerabilities. Further- 
more, there are vulnerabilities that cannot be removed — they will exist and we must 
learn how to address them while they remain in our midst. With the current, exten- 
sive discussion on “vulnerabilities”, clarification is helpful regarding the use of this 
term. A “vulnerability” is an opening, or a soft area, or susceptibility. Vulnerabilities 
are intrinsic attributes of the building blocks that make up our infrastructure. For 
example, the Federal Communications Commission (FCC) Network Reliability and 
Interoperability Council (NRIC) Physical Security Focus Group identified eight 
building blocks, or ingredients, that make up the communications infrastructure: 
Power (internal systems), Environment, Hardware, Software, Network, Payload, 
Policy, and Human. 

Each of these ingredients has intrinsic vulnerabilities. For example, Environ- 
ments can be accessed or destroyed, People can be deceived or fatigued, Policies 
have unintended side effects, and Hardware semiconductor materials can be over- 
stressed by electromagnetic energy or fail in extreme temperatures. 
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As Superman had a vulnerability to kryptonite, so the building blocks of our infra- 
structure have attributes that we must first identify, and then learn to protect ap- 
propriately. For example, the NRIC effort previously mentioned required an unprec- 
edented level of industry engagement and collective expertise to systematically iden- 
tify the vulnerabilities in each ingredient. This process then produced world class, 
voluntary. Best Practices guidance for preventing the future exercise of such 
vulnerabilities, or for mitigating the impact of a future attack. Furthermore, be- 
cause the intrinsic attributes of these ingredients are commonly known, this vulner- 
ability framework is effective in avoiding disclosure of sensitive information. 

The crucial concept is not so much to identify which sector has the greatest vul- 
nerability, but to identify which sector has the greatest vulnerability that is remain- 
ing unaddressed. There are surface vulnerabilities that exist in a configuration or 
combination of ingredients. These can sometimes be removed by a reconfiguration 
or replacement of one ingredient with another. However, it is a misperception to 
think that all vulnerabilities can be removed. They must be identified, their nature 
understood, and then addressed through protective or other appropriate means to 
prevent their exercise by threats, or ameliorate their impact, if successfully reached 
with a threat. 

Which critical infrastructure sector poses the greatest national security concern, 
in terms of potential consequences and far-reaching impact on other sectors? The 
nature and target of any future attack will determine which critical infrastructure 
sector, once disrupted, would have the greatest potential consequences. Obviously, 
the sector targeted could have some direct consequences from a successful attack. 
However, the nature of the attack would determine the extent. For example, the 
detonation of a primitive explosive device near a communications network node 
could temporarily cripple communications support for other sectors’ critical facilities 
in that immediate area, but broader regional traffic could be rerouted. A different 
attack on the same sector could attempt to spread a virus throughout an entire na- 
tional network. Another scenario is one in which a compromised sector is delib- 
erately unharmed while it is being used to unleash havoc on another. 

Without consideration for what vulnerability analysis is underway and what pro- 
tective measures are in place, the following sectors present the highest potential 
risk to national security: 

Energy 

Information and Communications 

Banking and Finance 

Transportation 

Postal and Shipping 

This priority scheme is based on (a) the ease at which problems propagate within 
the sector, (b) the extent of other sectors’ dependencies on it, and (c) the potential 
impact of a sector’s loss of crucial functionality. 

Question: 2. Do current efforts by the Administration and the Department 
of Homeland Security match the gravity and seriousness of the threats we 
face in the critical infrastructure sectors you identify? What more should 
be done to address the risks in the sectors you identify? 

McCarthy Response: 

Although the Department is still in its formative stages, it is doing a remarkable 
job of ramping up projects and setting its agenda in order to face the critical infra- 
structure threat. For example, the DHS recently tapped the CIP Project to do a 
Mitigation Priority Analysis in the wake of Hurricane Isabel. We have been asked 
to evaluate the telecommunications, transportation, water, and energy sectors in the 
National Capital Region. Specifically, we will study how the four critical sectors pre- 
pared, reacted to, and recovered from the hurricane. This project will help identify 
the kinds of risks and vulnerabilities faced by these sectors, and provide guidance 
on how to address them. 

Another example of the Department’s evolving schema is the recent development 
of the USCERT (Computer Emergency Response Team). It is a partnership between 
the NCSD and Carnegie Mellon’s CERT/Coordination Center (CERT/CC), which will 
work with the private sector to improve warning and response mechanisms to cyber 
incidents. In addition, the USCERT will collaborate with the private sector to de- 
velop and implement new detection and response tools. 

These projects are excellent examples of the intelligence and initiative at work in 
the Department, even in this early stage of development. Of course there is more 
to do, but the Department is dealing with an enormous learning curve — bringing to- 
gether old agencies with new ones, balancing security needs with efficiency, and an- 
ticipating the unanticipated are not easy tasks. But as the groundwork is laid for 
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further growth, I am confident that the Department will rise to the challenge that 
Congress and the nation have put in front of it. 

Orszag Response: 

As I stated in testimony before the 9 — 11 Commission on November 19, 2003, the 
general lack of action in strengthening market incentives to undertake homeland se- 
curity investments more than two years after the September 11th attacks is simply 
unacceptable. In my opinion, the Department of Homeland Security bears primary 
responsibility for this lack of action. 

Watson Response: 

The Administration agreed with the Marsh Commission regarding the most crit- 
ical infrastructure sectors, and studied the issue further, identifying additional crit- 
ical sectors in the National Strategy for Homeland Security. That strategy is sup- 
ported by national physical and cyber security strategies, which articulate the grav- 
ity and seriousness of the threats to critical infrastructures. I believe DHS under- 
stands the seriousness of this issue, but has been hampered by internal churn 
caused by simultaneously merging 22 Federal agencies, identifying and training 
new leaders and employees at all levels, sorting out real stakeholders from pre- 
tenders, and having to conduct day-to-day operations while reorganizing and hiring. 
Rather than try to determine which sector is most important, it would be far more 
effective to address cross-sector dependencies, considering all the identified critical 
infrastructure sectors. This is why I stressed the importance of computer modeling 
and tabletop exercises in my testimony. 

Rauscher Response: 

My observations of the efforts of the Administration and the Department of Home- 
land Security, related to the protection of our critical national infrastructure sectors, 
is that: 

1. Critical infrastructure protection has been identified as a vital component of 
the Homeland Security strategy 

2. There is a concerted effort to advance the National Strategy for Homeland Se- 
curity 

3. The Department of Homeland Security has begun to provide national coordina- 
tion for infrastructure protection 

4. The Department of Homeland Security has also begun to implement creative, 
new technologies and capabilities in their approach 

A brief discussion of each of these areas, as related to the communications sector, 
follows. 

1. Critical infrastructure protection has been identified as a vital component of 
the Homeland Security strategy 

The President’s National Strategy for Homeland Security underscores that critical 
infrastructure protection is vital to protecting the nation. For the communications 
infrastructure sector, this stated policy is and continues to be addressed in several 
notable ways. 

First, the government-industry partnership-based National Communications Sys- 
tem (NCS) National Coordinating Center for Telecommunications (NCC) and 
Telecom-ISAC (Information Sharing and Analysis Center) trusted environment and 
functions have been integrated into the Directorate of Information Analysis and In- 
frastructure Protection (IAIP). 

Second, the President’s National Security Telecommunications Advisory Com- 
mittee (NSTAC) has been repositioned to within DHS and continues to advance pol- 
icy guidance on several critical subject areas regarding critical infrastructure protec- 
tion, including, for example, matters of concern with the banking and finance sector. 

Third, the joint government-industry Network Security Information Exchange 
(NSIE) continues to maintain dialogue on classified subject matter, other sensitive 
information, and on special subjects of concern. In addition, there are various other 
activities in which DHS exhibits its commitment of critical infrastructure protection. 

In summary, protection of the communications sector is the stated policy of the 
Administration and DHS and this policy has been acted upon with the necessary 
private industry cooperation. To ensure a continued strong protection program for 
the communications sector, the Administration and DHS should continue to work 
closely with private industry, and specifically, support the trusted environment of 
the NCC and Telecom-ISAC. 

2. Advancing the National Strategy for Homeland Security 

A basic learning from the September 11, 2001 A1 Qaeda Attack was that the then 
existing methods of defending against terrorism were inadequate. This is a primary 
motivation behind the restructuring that has taken place under the new depart- 
ment. 
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If a defensive strategy is based primarily on threat knowledge, then those 
vulnerabilities targeted by the known threats will likely be protected well. Speed 
and focus are the hallmarks of this approach, enabling efficient deployment of re- 
sources. However, this approach may leave some “cockpit doors” unaddressed. On 
the other hand, the systematic vulnerability approach covers all vulnerabilities — 
independent of whether historic or fresh threat information is available. While this 
approach takes longer, it yields a substantially higher degree of confidence because 
it protects all vulnerabilities, and thus is prepared for any permutation of attack 
method. It is the only approach that can help us be as prepared and as secure as 
possible. It is the only approach that can let us sleep well at night. 

Given the complexity of many of our sectors, it is vital that such a very disciplined 
approach be followed. One further motivation for a systematic vulnerability ap- 
proach is articulated in the President’s National Strategy for Homeland Security: 
“Terrorism depends on surprise.” The sophisticated terrorists of the twenty-first cen- 
tury conduct surveillance and patiently plan. We cannot afford to take shortcuts 
that would leave our coverage of the unexpected wanting. This contrasting discus- 
sion of the two approaches does not suggest the selection of one over the other, but 
rather the deployment of both. It is best to see these two approaches as complimen- 
tary, where the vulnerability identification and protection functions are guided pri- 
marily on a vulnerability approach, and the threat intelligence and risk dissemina- 
tion functions are guided primarily by the traditional means. 

The progress of the DHS IAIP Protective Security Division has mostly been along 
the lines of applying threat-based approaches. Although there have been numerous 
enhancements in this area, it is not enough. It is however, the best first step, in 
that it allows for a speedy, effective focus, and immediate efficient use of limited 
resources. The Protective Security Division plans to supplement its enhanced threat- 
based strategy with one of systematic vulnerability assessment, and to partner 
closely with private industry as it advances this strategy. It is vital that this course 
be maintained. 

From my unique position of having led the communications industry’s top experts 
in the development of over two hundred and fifty Homeland Security Best Practices 
during the past two years, I have made a straightforward — yet strikingly critical — 
observation: Formal training directly enables or limits abilities to solve particular 
problems. Careful consideration should be given to the various disciplines available 
and the nature of the challenges being faced. Specifically, law enforcement profes- 
sionals are often highly trained in methods of processing threat and risk informa- 
tion. Computer “science” training offers proficiency in translating logic ad other 
functionality into automated processes, but is actually based very little on funda- 
mental scientific approaches to problem solving. However, it is the classical training 
of the engineer and scientist to do thorough, systematic, “cover-all-bases” proce- 
dures. In critical infrastructure protection, it is essential that DHS fully utilize the 
appropriate compliment of disciplines, paying particular attention to include indus- 
try-experienced engineers and scientists when comprehensive and systematic ap- 
proaches are required. While the careful, systematic, thorough work of the engineer 
and scientist is often slower, it is absolutely essential. 

In summary, one of the critical roles for DHS is to draw the distinction between 
the protection methods of the past and the new methods needed for the future chal- 
lenges of terrorism. It is vital that DHS implement its plans to augment the tradi- 
tional threat-based approach with a systematic vulnerability-based approach. 

3. Provide national coordination for infrastructure protection. 

With the NCS integrated into the 1A1P, and as such the NCC and Telecom-ISAC 
also, DHS is providing important coordination within the communications sector 
and increasingly important coordination among other sectors. In preparation for an 
emergency, and during an emergency response, cross-industry and government-in- 
dustry coordination is essential. 

The Department of Homeland Security also disseminates threat information 
through its trusted stakeholder channels. In addition to Daily Reports, DHS pro- 
vides special notices and alerts. The communications sector also benefits from peri- 
odic DHS briefings to the Telecom-ISAC and its coordination between infrastructure 
sectors. During the August 2003 Power Blackout, the Telecom-ISAC received up- 
dates on anticipated regional power recovery timeframes from the Electricity Sector 
ISAC that enabled the communications network operators to more effectively man- 
age logistics for, and deploy, limited resources. 

DHS also recognizes its need to receive counsel and advice from private industry. 
The communications sector is very complex, as there is a host of technological, com- 
petitive, regulatory, legal, and other issues in play. DHS appropriately relies on ex- 
perts from service provider, network operator and equipment supplier perspectives. 
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The NCS has been an active participant in the NRIC Homeland Security Best Prac- 
tices work. 

4. Implement creative, new technologies and capabilities in their approach 

In order to meet the riveting challenges of our post-September 11 world, capabili- 
ties need to be augmented to embrace new technologies and capabilities. It is essen- 
tial that DHS be open to new approaches, and to be capable of effectively screening 
through options to find those that should be implemented. One example is DHS’ 
continued engagement of the Wireless Emergency Response Team (WERT), which 
was formed on September 11, 2001, to use advanced wireless technology to support 
traditional Search and Rescue efforts. Another example is Wireless Priority Service 
(WPS), which provides priority access for the wireless air interface for first respond- 
ers and others with national security and emergency preparedness responsibilities. 
However, while the capabilities of WPS are currently available for one wireless tech- 
nology platform, half of the potential capacity for providing this essential service re- 
mains undeveloped. In the absence of additional funding and/or direction by Con- 
gress, this capacity will remain untapped until the end of FY05. 

In addition to including new capabilities, it is encouraging to see expanded out- 
reach raising the awareness of existing NCS programs, such as the Government 
Emergency Telecommunications System (GETS), Telecommunications Service Pri- 
ority (TSP), and SHAred RESources (SHARES) High Frequency (HF) Radio Pro- 
gram (SHARES), which allow for landline priority service access, determine pre- 
emergency priority restoration status, and provide a emergency message handling 
system by bringing together existing HF radio resources, respectively. 

An area where new approaches are desperately needed across all sectors is cyber 
security. In addition to strengthening reactionary measures — such as our cyber 
threat detection and response capabilities — an appropriate portion of this attention 
needs to be given for longerterm fixes that address the roots of all these problems. 
What are often referred to as “vulnerabilities” in the cyber community are usually 
the manifestations of software design errors. Bold, new, robust paradigms for soft- 
ware programming languages and compilers are needed. 

The frontier of new possibilities is vast. To optimize the effectiveness and econom- 
ics of critical infrastructure protection, DHS must remain vigilant regarding applica- 
ble new technologies and capabilities. 

Question: 3. In your opinion, is the DHS Directorate of Information Anal- 
ysis and Infrastructure Protection (I A1P) optimally organized to address 
the critical infrastructure sectors of greatest national security concern? 
Does it have adequate access to intelligence? Does it have relevant sector- 
specific technical expertise? Is it adequately staffed? Is its relationship 
with other relevant federal agencies — for example the DOE and EPA — on 
security matters clearly and well defined? Is the IAIP directorate suffi- 
ciently transparent to state and local officials and to owners of critical in- 
frastructure? 

McCarthy Response: 

I am not privy to the Department of Homeland Security’s intelligence data or hir- 
ing practices, and therefore unable to comment on this question. 

Orszag Response: 

I do not have the relevant expertise to respond to this question. My colleagues 
(James Steinberg, Ivo Daalder, or Michael O’Hanlon) would be better qualified to 
answer it. 

Watson Response: 

It’s too early to tell whether DHS/IAIP is optimally organized. The organization 
is maturing and leaders are still making changes as they see needs. Almost all 
intra-government efforts are not transparent outside of the government. It’s also too 
early to tell whether it is adequately staffed or has developed effective relationships 
with other relevant Federal agencies. I do not have visibility into IAIP’s access to 
intelligence, so cannot comment on its adequacy. IAIP has offered to house sector 
experts from each critical infrastructure, because they realize they do not have suffi- 
cient industry expertise. To date, the railroads have responded by seating two sector 
representatives within the 

CSTARC. Regarding transparency, our experience to date is that DHS has been 
relatively opaque to state, local, and industry, it has been extraordinarily difficult 
to find people within DHS to discuss specific issues like interdependency modeling, 
exercises, and strategy, but I attribute this primarily to reorganization churn. 

Rauscher Response: 
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The Department of Homeland Security Directorate of Information Analysis and 
Infrastructure Protection’s organizational structure is critical to its being able to ful- 
fill its role in supporting the protection of the nation’s critical infrastructure. The 
form of this organizational structure should follow its functional priorities. For the 
communications infrastructure, these priorities are to establish and maintain trust- 
ed dialogue with the vast and diverse industry members, provide speedy dissemina- 
tion of relevant threat information to these industry members, support emergency 
coordination within, the communications sector, and facilitate emergency prepared- 
ness and response coordination across sectors. In addition to these priorities, the 
communications industry may look to the DHS IAIP to support special needs from 
time to time. It is important for its structure to be flexible to speedily and effectively 
address these concerns when they arise. 

It is vital for the IAIP to have immediate access to intelligence on physical and 
cyber threats. Such information is vital to trusted representatives of key commu- 
nications companies to use to better protect their networks and other critical facili- 
ties. In order for this information to be useful, it needs to be transferred in a timely 
fashion and with appropriate details in order for it to be leveraged for effective crit- 
ical infrastructure protection purposes. Currently, the DHS IAIP NCS provides daily 
reports, and, from time to time, special information reports and alerts, to the com- 
munications industry. Communications companies throughout the industry use this 
information to adjust their physical and cyber security protective procedures. For 
example, an alert detailing a specific threat can be used to guide the review of spe- 
cific industry-agreed NRIC Best Practices. The communications industry also pro- 
vides information back through the trusted environment of the NCS NCC and 
Telecom-ISAC. Critical infrastructure information sharing processes should be con- 
tinuously improved with methods of better identifying data relevant to specific in- 
frastructure concerns and strengthened with updated safeguards against leaks. 

The IAIP cannot establish nor maintain needed expertise for the communications 
sector without close partnership with private industry. The nation’s public commu- 
nications infrastructure includes many networks consisting of thousands of network 
nodes that are operated by scores of distinct companies. The NCS Telecom-ISAC, 
NSTAC and the NRIC have provided coordination for cross-industry and govern- 
ment-to-industry responses, national policy guidance, and detailed Best Practices, 
respectively. 

IAIP staffing level requirements will fluctuate substantially depending on the 
partnership architecture implemented. For example, the nation’s communication’s 
infrastructure is largely privately owned and operated. Strategies that have little, 
or ineffective dependence on private industry, and attempt to duplicate industry ex- 
pertise will be much larger than necessary and an unnecessary expense. Also, be- 
cause such a staff will not have day-to-day responsibilities for operating actual net- 
works, such a strategy will result in unpreventable latency and limitations in the 
development of expertise. On the other hand, the NCS NCC has effectively imple- 
mented a partnership strategy with the communications industry since well before 
September 11, 2001. As a benchmark, the NCC staffing level needs have been raised 
due to a number of factors, including: a higher national priority for the reliability 
and security of the nation’s public networks, a recognition for greater coordination 
among critical infrastructure sectors, and expanded industry membership. 

For Peter Orszag’s Response: 

4. In your book, “Protecting the American Homeland: One Year On,” you state 
that, “[Presidential Decision Directive]-63 designated key agencies to oversee the 
protection of critical national infrastructure, but many observers complained that 
the resultant apparatus was ineffective. Although the Office of Homeland Security 
now has broad supervision over this issue, it still needs closer attention.” Could 
you elaborate on this lack of effectiveness and what you mean by “closer 
attention”? 

Orszag Response: 

“Closer attention” means grappling with the tradeoffs inherent in moving beyond 
a laissezfaire approach to homeland security. That approach will not work, but it 
is easy to go astray in devising alternatives — either by imposing excessive costs on 
the private sector or by failing to provide sufficient incentives for protection. The 
Department must exercise more leadership in how the nation should approach that 
difficult tradeoff. 

Question: 5. In your book, “Protecting the American Homeland: One Year 
On,” you state that, “The Administration’s strategy leaves out several key 
priorities for action. . .[including] major infrastructure in the private sec- 
tor, which the Bush Administration largely ignores. . . In early 2003, the 
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Department of Homeland Security issued a strategy document for pro- 
tecting critical infrastructure, but the document lacked the types of spe- 
cific policy steps that are now overdue” What specific policy steps would 
you recommend that the DHS take? 

Orszag Response: 

Protecting the American Homeland identifies the specific steps that my co-authors 
and I believe are appropriate for protecting private-sector assets in the United 
States from terrorist attack. 

For Mr. McCarthy and Mr. Watson 

Question: 6. In your opinion, are the DHS and the White House providing 
comprehensive leadership to improve information sharing with state and 
local officials and with owners of critical infrastructure? Please discuss the 
effectiveness of measures already taken to improve information sharing, 
including Freedom of Information Act (FOIA) exemptions. Please discuss 
other measures that you believe the government should undertake to in- 
crease information sharing with critical infrastructure owners and with 
state and local officials? 

McCarthy Response: 

This Administration is making great strides in engaging state and local govern- 
ments, as well as owners and operators of critical infrastructures, in conversations 
about security, reliability, and performance. For example, our current Mitigation 
Priority Analysis project depends on inputs from a myriad of regional entities: the 
state/city governments of DC, Maryland, and Virginia; county governments, like 
Montgomery (MD), Arlington (VA), and Fairfax (VA); and the businesses that run 
the four sectors that are being studied, like PEPCO, Dominion Virginia Power, 
Metro, and various water processing plants. This is an important foray into estab- 
lishing critical infrastructure processes on a regional level, as well as national. 

The Administration has also addressed industry’s concerns that sensitive, propri- 
etary information remain private, even if shared with the government. In April, 
DHS released its draft Critical Infrastructure Information (CII) regulations. These 
regulations, once adopted, will allow owners of critical infrastructures to share cer- 
tain information with the Department with assurances that such information can 
only be accessed by specific individuals. The information will be protected, and not 
subject to outside access through the Freedom of Information Act (FOIA) process. 
This is a first step, but an essential one, towards private sector information sharing. 

The Department of Homeland Security is not the only agency concerned with 
keeping sensitive information from prying eyes. Other agencies have "lead" status 
with certain industries, and have established similar regulations concerning sen- 
sitive information. For example, after the 9-11 attacks, the Federal Energy Regu- 
latory Commission (FERC) removed from its reading room detailed maps and other 
information about electric power facilities and natural gas pipelines. Although ex- 
empt from FOIA procedures, this information had traditionally been open and avail- 
able to anyone who requested it. In February, 2003, FERC ruled that individuals 
wanting access to this information would have to apply for it. The application re- 
quirements include identification information, and take the need/purpose of the in- 
formation into account. Access is granted on a case-by-case basis, and only to indi- 
vidual applicants. 

Establishing a trusted relationship with industry can be a delicate process. Both 
DHS and the White House are laying the critical foundation to ensure that informa- 
tion sharing can be a positive experience for all involved. 

Watson Response: 

As stated above, DHS has reached out to the ISACs and the ISAC Council to es- 
tablish information sharing mechanisms. The FOIA exemption in the law creating 
DHS removes a barrier to information to be shared by the private sector with DHS. 
(There is still an issue with sharing similar information at the state and local level 
where CII protection does not exist.) It is too early to assess whether these meas- 
ures have been effective. Cross-sector and public-private information sharing is 
nearly as new to industry as it is to the Federal government, and we are developing 
mechanisms together. To date, DHS leaders have been very receptive to industry 
ideas regarding organization, protocols, contact lists, and frequency of communica- 
tions. 

One additional step that could be taken would be for DHS to sponsor research 
into real-time data sharing. Current ISAC and government efforts are limited to e- 
mail, phone, and webbased message traffic, which will always lag behind actual 
threats. The only way to get ahead of the curve is to establish real-time data shar- 
ing. The time between vulnerability disclosure and live exploitation is decreasing 
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dramatically, as is the time to maximum infection rate of a new worm or virus. 
Sometimes, filtering traffic at specific ports is the only interim defensive measure 
possible until vendors can develop software patches or signature updates for 
antivirus and intrusion detection programs. As these times approach zero, the only 
way defenders will have time to implement filters or block access will be real-time 
visibility of inbound and outbound traffic. Several companies, Federal agencies, and 
the CERT/CC have capabilities in this area, and the IT-ISAC is prototyping a 
multi-company and cross-ISAC capability. I believe both the sectors and the Federal 
government would benefit greatly from a comprehensive national capability to see 
real-time traffic in order to implement interim defensive actions in advance of at- 
tacks on critical infrastructure networks. Such a research project must include a 
consideration of privacy, protecting individuals, and companies’ private, proprietary 
information should be built in to any real-time traffic sharing scheme. 

One of the greatest barriers to information sharing is the lack of coordination of 
requests for information from multiple jurisdictions. DHS has not demonstrated suf- 
ficient intradepartment coordination, and has provided little to no leadership to the 
states. Since September 11, 2001, the private sector has encountered a flurry of 
state-by-state, municipality-by-municipality, and county-by-county information re- 
quests. These requests on industry have become unsustainable, and if left uncoordi- 
nated will lead to grossly inefficient and idiosyncratic security programs. Companies 
are diverting valuable resources in order to respond to state, municipal, and county 
inquiries. Thus, there is a compelling argument for Federal leadership and partner- 
ship with states, municipalities and counties in the formation of regularized inquir- 
ies to avoid inefficient duplication by multiple governmental entities. However, this 
should not be interpreted as a call for Federalization of security, but rather, should 
be viewed as a call for coordination among Federal, State, and local municipalities 
in regards to assembling and protecting information necessary to protect critical in- 
frastructure information (CII) within DHS. 

For example, it appears that earlier this year, DHS requested that states compile 
a list of their critical infrastructures. States were compelled to respond to the DHS 
request, for the state’s response would help determine the amount of discretionary 
DHS funding the state would be allocated to improve emergency preparedness and 
response. However, the Emergency Response division within DHS did not coordinate 
the request with the IAIP division. An unfortunate oversight, for much of the infor- 
mation being requested of the states had already been compiled, and therefore pro- 
tected under FOIA, by independent agencies that have now been subsumed by DHS. 
Therefore, I would argue that regardless of what governmental entity or authority 
seeks CII, industry should submit its CII only to DHS. The Federal law now pro- 
vides DHS with the requisite authority to exempt CII from Federal FOIA disclosure. 
Most state and local governments have FOIA laws or information access laws that 
are not as stringent or broad enough to protect CII, which is most troubling. In ad- 
dition, by having DHS as the main repository and clearing house for CII, Federal, 
state and local governments will not have to make duplicative requests to provide 
information that is already being held and protected by DHS. The administrative 
burdens placed on industry to provide duplicative information can be averted simply 
by having Federal, state, and local governments obtain the CII they require from 
DHS. DHS can than disseminate the information under the Federal law to other 
Federal, state, and local governments ensuring the protection of the provided CII. 
Finally, any Federal agency that has or will acquire CII through governmental re- 
quest should send such CH information immediately to DHS for retention, as DHS 
has the proper legal authority to protect CII from disclosure. 

Section 214 of the Homeland Security Act does not preempt state law and that 
the proposed rules under section 29.8(g) mirror the provisions of section 214. I do 
not advocate preemption, since a statutory change to section 214 would be required. 
Rather, it seeks DHS rules that would require DHS to become the CII repository 
for Federal, state, and local governments and that all requests for CII be first made 
to DHS by Federal, state, and local governments. In addition, DHS should require 
Federal, state, and local governments to make their initial CII inquiry to DHS, be- 
fore seeking such information independently from the private sector. Under this pro- 
posal, State and local governments could still solicit information from individual 
companies. If the information was not currently held by DHS, the company would 
consider the request and respond accordingly to the Federal, state, or local govern- 
ment requestor. Of course, if the information had already been provided to DHS, 
industry would refer the Federal, state, or local government requestor back to DHS. 

Question: 7. Do you believe that industry Information Sharing and Anal- 
ysis Centers (ISACs) will be in a position to create a business case for tradi- 
tional national defense or national security objectives? Why or why not? 
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Are ISACs the best organizations to lead sector-based industry efforts to 
share critical infrastructure information? What is the role of the federal 
government in supporting industry ISACs? Is the federal government doing 
enough to support ISAC efforts? 

McCarthy Response: Reference separate attachment on symposium summary 
Information is in committee files. 

Watson Response: 

First, it is important to remember that ISACs, as a generic group, do not rep- 
resent the sectors. Again, there is no one size fits all solution for every sector. I do 
not believe ISACs should be in the traditional national defense or national security 
business, but should be a part of an overall assessment of threat that could be used 
for defending the country. Only when analysis indicates that industry sectors are 
the target of an attack on the United States should ISACs be involved in defensive 
efforts, and even then, it is the affected companies that must take defensive action, 
not the ISACs. I believe the ISACs are the best organizations to lead sector based 
industry efforts to share critical infrastructure information, but they are not the 
only sources of such information. Key owners and operators will have some informa- 
tion they can provide directly to other companies and governments to augment that 
coordinated by ISACs. Critical infrastructure owners and operators that do not be- 
long to an ISAC may have information of which neither government nor ISACs are 
aware. As ISACs mature and information-sharing mechanisms become more robust, 
the ISACs will evolve into a more central role in critical infrastructure information 
sharing. 

The Federal role in supporting ISACs is primarily participation as a full partner 
in the process. I recommend three areas for improvement in the Federal govern- 
ment’s role as partner to industry: 

a) Improve timeliness and quality of threat information shared with industry 
ISACs. Information is flowing from government to industry, but because of sanitiza- 
tion and classification requirements, information from government is usually hours 
or days later than that flowing from industry to government on the same threats. 
In addition, specifics regarding threat organizations, intents, and targets, are not 
often shared. 

b) Provide feedback to industry on the value of information provided by ISACs to 
government, and details on how that information is being protected by government. 
ISACs have been providing threat, vulnerability, countermeasures, and best practice 
information, along with analysis, to government, but in most cases it seems to go 
into a black hole. Feedback regarding usefulness would be valuable in prioritizing 
ISAC efforts. Transparency regarding steps taken to protect industry information 
would encourage more sharing from industry to government. 

c) Coordinate requests for industry information. Currently, ISACs and other in- 
dustry organizations receive multiple requests daily from the Federal government, 
many from separate DHS organizations, for similar or identical data. Industry orga- 
nizations cannot scale resources to respond to all these requests, and have little un- 
derstanding of the intended use of the information requested. Also, industry receives 
little information regarding the protection of the information. DHS should consoli- 
date Federal requests of industry information, provide to industry the intended use 
of the information, the steps to be taken to protect it, and benefit (feedback) to the 
industry organization providing the information. 

Question: 8. When attempting to prioritize limited resources, how important 
is it to have in place a comprehensive national critical-infrastructure risk- 
and-vulnerability assessment? To the extent that you are aware, please de- 
scribe DHS’ progress to date to produce such and assessment, including a 
prioritized national list, database, and geospatial map of critical infrastruc- 
tures and key assets. What more should be done to speed progress on such 
an initiative? In your estimation, and in light of assessments that have al- 
ready been done by states and industry, how quickly could a rough draft 
of a comprehensive national assessment of critical infrastructure be com- 
pleted? 

McCarthy Response: 

A comprehensive assessment of critical infrastructure risk will take years to com- 
plete. Certainly, a tool like this will assist in setting critical infrastructure priorities, 
but it is not the only one. One prime alternative is the National Capital Region 
(NCR) Urban Area Security Initiative (UASI) Project. The overall intent of this ef- 
fort is to use the National Capital Region as a real world laboratory exercise to 
evaluate and propose future methods of critical infrastructure protection activities. 
George Mason plays an important role in Critical Infrastructure Protection Over- 
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sight, collaborating with university, industry, and government partners. Together, 
we will conduct an analysis of each critical infrastructure sector, with a focus on 
assessing vulnerabilities. 

I do not have data on exactly what critical asset lists the Department does or does 
not have; understandably such information should be kept under lock and key. 
What I do know is that until such time as a comprehensive risk assessment can 
be completed, the Department must continue to think “outside the box.” It must rely 
on creative and innovative projects like the NCR project to help set priorities and 
allocate the resources accordingly. 

Watson Response: 

A single, comprehensive national critical infrastructure risk and vulnerability as- 
sessment would not only be cumbersome, but a very dangerous target list. Most of 
it would also grow quickly out of date. Understanding regional cross-sector depend- 
encies would help regional stakeholders make resource decisions, but a national list 
would have little value beyond the Ooh factor and braggadocio. At the national 
level, strategy, policy, and doctrine are most useful. Operational action must occur 
at the regional, operational level, and local, tactical level of defense. Use military 
planning as a model. Military units develop and maintain defensive plans that cover 
their specific bases, stations, units, taskforces, and ships. Every level of command 
develops plans and procedures appropriate to its area of influence (reach) and area 
of interest (threat). Neither the military service headquarters nor the Joint Chiefs 
of Staff get involved in specific unit planning. Rather, the Services and JCS provide 
strategy, policy, and doctrine, on which local commanders base their decisions. This 
is a good model for critical infrastructure protection planning, and supports my ar- 
gument for regional exercises to identify key stakeholders and local cross-sector de- 
pendencies, and to develop cross-sector regional contingency plans. In the cyber di- 
mension, planning must be global, since there are no borders in cyberspace. There- 
fore, cyber elements of regional exercises should be global, not regional or local. 

In addition, the network elements most vulnerable at any given time are a func- 
tion of what the threats are, a scenario which changes daily. For example, if current 
threat analysis suggested that nuclear power plants were being targeted, the list of 
telecommunications, emergency service facilities and other infrastructures most vul- 
nerable would be significantly different than if certain water facilities were the tar- 
get. As such, any list being generated is static, being compiled in the absence of spe- 
cific threat scenarios and even at its best, would not be particularly meaningful for 
any significant period of time. 

Question: 9. What progress has been made by states and industries to com- 
prehensively assess critical infrastructure risks? Has the DHS done 
enough, in your opinion, to 1) provide sufficient leadership, guidance, and 
assistance to states and industry; and 2) leverage work already done by 
states and industry as it seeks to produce its own comprehensive national 
assessment? 

McCarthy Response: 

We are aware that many states are currently in the initial stages of evaluating 
their risk status and levels of preparedness. The Department has contributed heav- 
ily to these efforts, as much as a young organization could reasonably be expected 
to contribute. It is equally important for states and industry to assume responsi- 
bility for action on these fronts. The Department also appears to have established 
strong working ties into the various state and industry efforts, and those contacts 
are likely to lead to a more informed national assessment. 

Watson Response: 

Several critical infrastructure sectors have completed sector-wide risk assess- 
ments, and indeed some of these have been doing so for several years. I recommend 
asking the Sector Coordinators about sector-specific risk assessments. The states 
are beginning to make assessments. Notable among these are New York and New 
Jersey, following the terrorist attacks of 9/11/2001. DHS is still too new to provide 
comprehensive guidance, but the priorities outlined in the Marsh Commission report 
and the three national strategies (Homeland Security, Physical Infrastructures, and 
Cyber Security), have provided sufficient direction for industries and states to get 
to work on assessments and contingency plans. Again, I believe a comprehensive na- 
tional assessment would be largely useless, except in the cyber dimension. 
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Questions and Responses from Denise Swink, Acting Director, Office of En- 
ergy Assurance submitted by Rick A. Dearborn, Assitant Secretary, Con- 
gressional and Intergovernmental Affairs 

Hearing on September 17, 2003 

Question: 1. Subsequent to the blackout of August 14,2003, have your in- 
vestigations revealed any possibility that a cyberattack caused part or all 
of the power grid failure? If so, please elaborate. 

Answer: 1. A great deal of work has been done in this area including interviews 
with key personnel at sites where the outage related events began. As stated in the 
U.S. Canada Power System Outage Task Force Interim Report: Causes of the August 
14th Blackout in the United States and Canada, no evidence has been identified in- 
dicating that malicious actors are responsible for, or contributed to, the outage. 
There is also no evidence suggesting that viruses and worms prevalent across the 
Internet at the time of the outage had any significant impact on power generation 
and delivery systems. However, as discussed in response to Question 2, the Task 
Force Security Working Group (SWG) has concerns with respect to: the possible fail- 
ure of alarm software; links to control and data acquisition software; and the lack 
of a system or process for some operators to view adequately the status of electric 
systems outside their immediate control. 

Question: 2. Have your investigations revealed the failure of some com- 
puter monitoring systems at electric power facilities either before or dur- 
ing the blackout of August 14th? If so, please elaborate. 

Answer: 2. As discussed in the interim report, SWG analysis suggests that fail- 
ure of a software program — not linked to malicious activity — may have contributed 
significantly to the power outage of August 14,2003. Specifically, key personnel may 
not have been aware of the need to take preventive measures at critical times be- 
cause an alarm system was malfunctioning. The SWG continues to work closely 
with the operators of the affected system to determine the nature and scope of the 
failure, and whether similar software failures could create future system 
vulnerabilities. 

Analysis of information derived from interviews with operators suggests that, in 
some cases, visibility into the operations of surrounding areas was lacking. Some 
companies appear to have had only a limited understanding of the status of the elec- 
tric systems outside their immediate control. This may have been, in part, the result 
of a failure to use modem dynamic mapping and data sharing systems. 

Question: 3. How can the Congress, federal agencies, and state and local 
governments best work together to coordinate the necessary upgrades and 
protections to computer systems at electric power facilities so that we less- 
en the threat of a cyberattack? 

Answer: 3. The nation’s electric power facilities, in large part, belong to private 
companies. These companies must comply with numerous Federal and State statu- 
tory and regulatory requirements, and are closely regulated by Federal and State 
regulation bodies. However, these same companies are reluctant to apply cyber secu- 
rity guidelines and recommendations that have a questionable business case in light 
of a poorly defined threat. The threat in cyberspace is very difficult to define and 
is a point of controversy in the cyber security arena. 

In order to persuade private sector companies to invest in cyber security, it is nec- 
essary for all concerned parties to work cooperatively to make a sufficient business 
case for these expenses. Better analysis/definition of the threat in an unclassified 
form is necessary in order to promote the adoption of upgrades and protections nec- 
essary to lessen the threat of a cyber attack. 

Question: 4. This month, the American Society of Civil Engineers (ASCE) 
released a Progress Report on its 2001 Report Card on America’s Infrastructure. In 
this report, the ASCE examined current status and trends in the nation’s 
deteriorating infrastructure. In their assessment, the Energy infrastructure 
received a D+. Roads and Bridges received a D+/C; Transit a C-; Drinking 
Water a D; Wastewater a D; Dams a D; and Hazardous Waste a D+. Does the 
poor state of a number of our infrastructure sectors have serious negative 
implications for the security of those sectors against potential terrorist at- 
tack? What is the relationship between reliability and security when it 
comes to critical infrastructure protection? 

Answer: 4. The state of our infrastructure does play a role in our ability to pro- 
tect against a potential terrorist attack and to respond to an actual terrorist attack. 
The better the condition of our infrastructure, the better our ability will be to pro- 
tect against and respond to a terrorist attack. It is important to have a robust infra- 
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structure with an appropriate level of redundancy that can withstand an attack and 
still have capacity to meet critical needs and support an emergency response. Addi- 
tionally, advance planning, good information systems, and well rehearsed infrastruc- 
ture management techniques can aid in our response to an attack. 

The relationship between reliability and security is vital for critical infrastructure 
protection. Private sector companies are driven by both legal requirements and the 
business case that supports a particular decision. The reliability of the services pro- 
vided by various sectors is the foundation that helps these companies avoid regu- 
latory penalties and provide customer satisfaction and public confidence in their op- 
erations. Therefore, the aging state of most of these critical infrastructures forces 
the companies that own and operate them to balance their limited resources be- 
tween maintaining the infrastructure and protecting it. Since the cyber threat is 
poorly defined and the need to maintain operational reliability is an easily defined 
business case, limited resources are made available to the protection of the infra- 
structure, especially the cyber part of the infrastructure. This situation is further 
complicated by a general lack of understanding by the private and public sectors 
regarding the interdependencies of the critical infrastructures. For example, deci- 
sions on the appropriate security level for a bridge should include consideration of 
vital energy or telecommunications carried by that bridge in addition to the bridge’s 
role in the transportation system. 

Criticality of assets is very different depending on the approach you take to defin- 
ing the criteria. 


Questions foe the Record 

House Select Committee on Homeland Security Hearing: "Implications of 
Power Blackouts for the Nation’s Cyber-security and Critical Infrastruc- 
ture Protection: The Electric Grid, Critical Interdependencies, 
Vulnerabilities, and Readiness." 

September 17, 2003 

Assistant Secretary Liscouski 

Question: (1) Subsequent to the blackout of August 14, 2003, have your in- 
vestigations revealed any possibility that a cyber-attack caused part or all 
of the power grid failure? If so, please elaborate. 

No. The investigation found no evidence that attackers were responsible for, or con- 
tributed to, the outage. Al-Qaeda claims to the contrary are false. 

Question: (2) Have your investigations revealed the failure of some com- 
puter monitoring systems at electric power facilities either before or dur- 
ing the blackout of August 14th? If so, please elaborate. 

Yes, a combination of human operator and non-malicious computer failures contrib- 
uted to the August 14 power outage. The following timeline was derived from de- 
tailed discussions with FirstEnergy and the Midwest Independent Transmission 
System Operator (MISO). All times are approximate: 


Time 

Activity 

12:40 EDT 

At the MISO, a MISO EMS engineer purposely disabled the automatic peri- 
odic trigger on the State Estimator (SE) application, which allows MISO 
to determine the real-time state of the power system for its region. 
Disabling of the automatic periodic trigger, a program feature that 
causes the SE to run automatically every 5 minutes, is a necessary op- 
erating procedure when resolving a mismatched solution produced by 
the SE. The EMS engineer determined that the mismatch in the SE so- 
lution was due to the SE model depicting Cinergy’s Bloomington-Denois 
Creek 230— kV line as being in service, when it had actually been out 
of service since 12:12 EDT. 

13:00 EDT 

After making the appropriate changes to the SE model and manually trig- 
gering the SE, the MISO EMS engineer achieved two valid solutions. 
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Time 

Activity 

13:30 EDT 

The MISO EMS engineer went to lunch. He forgot to re-engage the auto- 
matic periodic trigger. 

14:40 EDT 

An operations engineer discovered that the SE was not solving. He went 
to notify an EMS engineer. 

14:41 EDT 

FirstEnergy’s server running the AEPR software failed to the backup serv- 
er. Control room staff remained unaware that the AEPR software was 
not functioning properly. 

14:44 EDT 

An MISO EMS engineer, after being alerted by the operations engineer, re- 
activated the automatic periodic trigger and, for speed, manually trig- 
gered the program. The SE program again showed a mismatch. 

14:54 EDT 

FirstEnergy’s backup server failed. AEPR continued to malfunction. The 
Area Control Error (ACE) calculations and Strip Charting routines mal- 
functioned, and the dispatcher user interface slowed significantly. 

15:00 EDT 

FirstEnergy used its emergency backup system to control the system and 
make ACE calculations. ACE calculations and control systems contin- 
ued to run on the emergency backup system until roughly 15:08 EDT, 
when the primary server was restored. — At 15:05 EDT, FirstEnergy’s 
Harding-Chamberlin 345— kV line tripped and locked out. FE system op- 
erators did not receive notification from the AEPR software, which con- 
tinued to malfunction, unbeknownst to the FE system operators. 

15:08 EDT 

Using data obtained at roughly 15:04 EDT (it takes about 5 minutes for 
the SE to provide a result), the MISO EMS engineer concluded that the 
SE mismatched due to a line outage. His experience allowed him to 
isolate the outage to the Stuart-Atlanta 345— kV line (which tripped 
about an hour earlier, at 14:02 EDT). He took the Stuart-Atlanta line 
out of service in the SE model and got a valid solution. 

15:08 EDT 

The FirstEnergy primary server was restored. ACE calculations and control 
systems were now running on the primary server. AEPR continued to 
malfunction, unbeknownst to the FirstEnergy system operators. 

15:09 EDT 

The MISO EMS engineer went to the control room to tell the operators that 
he thought the Stuart-Atlanta line was out of service. Control room op- 
erators referred to their “Outage Scheduler” and informed the EMS en- 
gineer that their data showed the Stuart- Atlanta line was “up” and 
that the EMS engineer should depict the line as in service in the SE 
model. At 15:17 EDT, the EMS engineer ran the SE with the Stuart-At- 
lanta line “live.” The model again mismatched. 

15:29 EDT 

The MISO EMS Engineer asked MISO operators to call the PJM Interconnect 
to determine the status of the Stuart-Atlanta line. MISO was informed 
that the Stuart-Atlanta line had tripped at 14:02 EDT. The EMS engi- 
neer adjusted the model, which by that time had been updated with 
the 15:05 EDT Harding-Chamberlin 345— kV line trip, and came up with 
a valid solution. 

15:32 EDT 

FirstEnergy’s Hanna-Juniper 345— kV line tripped and locked out. The AEPR 
continued to malfunction. 

15:41 EDT 

The lights flickered at FirstEnergy’s control facility, because the facility 
had lost grid power and switched over to its emergency power supply. 

15:42 EDT 

A FirstEnergy dispatcher realized that the AEPR was not working and in- 
formed technical support staff of the problem. 


Question: (3) In your written testimony you state that, "We have conducted 
vulnerability assessments at electric power facilities, we have a protection 
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strategy for key components, and we are working with industry and fed- 
eral partners to determine the best way to implement that strategy." Could 
you describe for me what this protection strategy is for situations where 
a vulnerability assessment determines that a power facility might be sub- 
ject to a cyber attack? I realize that there will be differences specific to 
each facility, but if you could generally elaborate on the strategy please. 

The statement addressed the conduct of physical security vulnerabilities at electric 
power facilities and strategies the Office of Infrastructure Protection (IP) is devising 
for those facilities and other key components of the electric power infrastructure. 
Specifically, the National Cyber Security Division (NCSD) is examining critical in- 
frastructures and associated key facilities, assets, physical plant, and control net- 
works with a focus on their dependencies on cyber systems. 

Regardless of whether a specific vulnerability is a physical- or cyber-induced, IP’s 
strategy is to identify vulnerabilities, correlate those vulnerabilities to the known 
threat environment, and provide appropriate technical and other assistance to miti- 
gate risks. IP shares identified vulnerabilities with the infrastructure owners and 
operators and, if requested, technical assistance. Mitigation actions range from ad- 
vice about rewriting software code to improving physical security weaknesses. 

Question: (4) How can the Congress, federal agencies, and state and local 
governments best work together to coordinate the necessary upgrades and 
protections to computer systems at electric power facilities so that we less- 
en the threat of a cyber attack? 

IP believes that Homeland Security Presidential Directive-7, Critical Infrastructure 
Identification, Prioritization, and Protection, which President Bush signed on De- 
cember 17, 2003, establishes the necessary national framework to guide federal in- 
frastructure protection policy and programs. Specifically, it clarifies federal roles 
and responsibilities and describes interfaces with state and local authorities and the 
private sector. IP is moving swiftly to implement HSPD-7, which we believe will 
make a visible and measurable improvement in infrastructure protection. Key to 
that effort is a National Plan for Critical Infrastructure and Key Resource Protec- 
tion that integrates both physical and cyber security measures in one planning 
framework. 

Question: (5) There is widespread acknowledgement of the importance of 
creating a comprehensive national critical infrastructure risk assessment 
in order to prioritize DHS efforts and manage spending. Carrying out com- 
prehensive risk assessments, in general, is also mandated by Section 201 of 
the Homeland Security Act. In testimony before the full Committee on Sep- 
tember 10, 2003, Governor Gilmore commented several times on the lack of 
an overriding homeland security strategy, based on a thorough threat, vul- 
nerability, and consequence assessment, to drive priorities and DHS ac- 
tions. In response to a question from Congressman Shays; Governor Gil- 
more remarked that the Administration has written a number of strategies 
but that none of them were based on an adequate risk assessment. 

On September 17, 2003 you testified before the joint hearing of the Subcommittee 
on Infrastructure and Border Security and the Subcommittee on Cybersecurity, 
Science, and Research and Development. Congresswoman Sanchez and Congress- 
woman Jackson-Lee questioned you in detail on the progress and status of such a 
comprehensive risk assessment. In response, you stated that, “I would be surprised, 
frankly, if we had that done in the next five years,” and that “there will be no 
timeline in which we will say we are finished.”Given the importance of comprehen- 
sive risk assessments and the requirements of the Homeland Security Act to develop 
a comprehensive national plan for securing the key resources and critical infrastruc- 
ture of the U. S., does the DHS plan to publish at a certain point in time a docu- 
ment containing a comprehensive risk assessment of critical infrastructure, which 
would aid in the prioritization of protective measures? 

Yes. IP expects to publish a plan by the end of September 2004. In the meantime, 
since March of last year, IP has on two occasions shared a comprehensive national 
risk assessment with the States. Moreover, the IAIP Directorate conducts assess- 
ments on every occasion in which the Secretary elevates the threat level. In these 
cases, IP provides guidance on setting priorities for protective measures. IP’s first 
effort, which also featured the implementation of actions based on our risk assess- 
ment, took place during Operation LIBERTY SHIELD. The second was in response 
to the Congressional requirement to allocate grant funding based on identified 
threats and vulnerabilities. Results from both assessments were briefed to Congres- 
sional leadership. 

Risk assessment is the cornerstone of IP’s risk-managed, threat-driven operating 
model. Vulnerability assessments and threat assessments are part of this model. IP 
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examines and addresses vulnerabilities across the Nation’s infrastructure by using 
a five-step risk management methodology that measures the national risk profile in 
the context, and absence, of threat information. The major steps of the risk manage- 
ment methodology include: 

- Identifying critical infrastructure 

- Assessing vulnerabilities 

- Normalizing, analyzing, and prioritizing protective measures . 

- Implementing protective programs 

- Measuring effectiveness through performance metrics 

The threat environment is dynamic. So, IP uses this methodology across and within 
sectors so that when credible and actionable threat information is known, the Office 
can assess the sector-specific and cross-sector impacts using existing vulnerability 
assessment information. This allows IP to quickly prioritize protective measures 
across and within sectors, and implement these measures quickly, to reduce the 
overall risk posed by the threat. 

Question: (6) The DHS has indicated that it will ’’provide core expertise in 
critical infrastructure sectors” and that it would organize along critical in- 
frastructure sector lines. It is important for us to understand the 
progressthat has been made in staffing up the Office of Infrastructure Pro- 
tection and integrating the organizations that it inherited. In your testi- 
mony, you indicated that the Infrastructure Protection Office currently has 
roughly 200 employees, staffing up to 450-500 people in 2004. Please pro- 
vide a current detailed organizational chart of the Office of IP that indi- 
cates key functions and the number of employees by function. Please also 
provide a detailed list of currently staffed positions (by function and title; 
it is not necessary to provide individual names) as well as a list of open 
positions that you will fill by 2004. 

Please also provide a detailed list of employees (by title; do not indicate individual 
names) in your office with particular technical expertise in each of the critical infra- 
structure sectors. Please organize this list by the CIP sectors indicated in the The 
National Strategy for the Physical Protection of Critical Infrastructures and Key As- 
sets. Within each sector, please indicate title, level of education, predecessor federal 
agency (EPA, 000, etc. as appropriate) and years of relevant experience in that sec- 
tor. Also please indicate open positions and expected hiring for 2004. 

The following two figures depict Office of Infrastructure Protection positions. 

Figure 1: Detailed Organization Chart 
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Figure 2. Office of Infrastructure Protection, Filled and Vacant Positions by Division 1 
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IP possesses significant technical expertise that it is applying to address infrastruc- 
ture threats and vulnerabilities. The Infrastructure Coordination Division serves as 
the focal point for infrastructure expertise and leads efforts to monitor and coordi- 
nate with each of the thirteen infrastructure sectors. In the coming months, ICD 
will formally establish a National Infrastructure Coordination center, where ana- 
lysts will be assigned to monitor each of the thirteen infrastructure sectors 

(6b) Please provide summary statistics (actual number of personnel as well 
as a percent of total Infrastructure Protection Office employees) for per- 
sonnel along the following lines — 

i) Professional vs. administrative 

ii) Contractor vs. DHS employee 

iii) Detailee vs. DHS employeeivy Technical expert vs. other 
v) Advanced degree vs. bachelors degree or lower 

Category 1: Professional 

Professional staff: 192 (93.2%), Administrative staff: 14 (6.8%) 

Category 2: Government v. Contractor 

Government FTE: 206 (63.1%), Onsite Contractor: 120 (36.9%) 

Category 3: Detailees 

DHS Employee FTE: 178 (86.4%), Detailees from other agencies: 28 (13.6%) 

Category 4: Technical Expert 

Technical Expert: 146 (70.9%), Other: 60 (29.1%) 

Category 5: Advanced Degrees 

At this time, there are 49 employees with advanced degrees in the Office of Infra- 
structure Protection. 

Question: (7) Please provide a comprehensive list and brief description of all 
programs that the Office of IP has in place and initiatives that it is pur- 
suing to increase critical infrastructure protection. 

The attached inventory of IP programs provides a high level summary of key se- 
lected programs. 

Question: (8) During the September 17, 2003 hearing, Congressman Lucas 
asked whether the “DHS relies too heavily on voluntary private sector ac- 
tion to improve their infrastructure protection.” You responded that you 


1 Notes: “Open Positions” based on FY04 authorized staffing level of 364 FTE; Total headcount 
increases to 376 when the 12 NCS detailees are included (which is beyond the current NCS au- 
thorized level of96); Large number of open positions in PSD is driven by need to establish field 
organization; All data accurate as of 3-19—04 
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“do not believe the voluntary approach in the private sector [to critical in- 
frastructure protection] is the inappropriate approach.” Do you believe, 
however, that the federal government should be doing more in any par- 
ticular sectors? In particular, can you provide a more detailed answer to 
Mr. Lucas’ question in light of an October 2002, letter to the Wash- 
ington, Post, in which Secretary Ridge and former EPA administrator Whit- 
man stated that for chemical facilities, “voluntary efforts alone are not suf- 
ficient to provide the level of assurance Americans deserve.” Please re- 
spond to comments by Patrick Wood, chairman of the FERC, who stated in 
the Wall Street Journal in an article on the August, 2003, blackout that, 
“We cannot simply let markets work. We must make markets work” 

IP has not seen the full transcript of Mr. Wood’s comments and is unaware of the 
full context in which they were written. IP’s philosophy is to work with industry 
advisory groups and private-sector standard-setting organizations to foster develop- 
ment of standards that will be voluntarily adopted by industry and, ultimately, by 
individual owners and operators. If IP judges that voluntary standards prove inad- 
equate to meet pressing security concerns, the Office will consider additional steps 
to improve the protection of our Nation’s infrastructures. For now, the programs IP 
has developed and is implementing will enhance the security and resiliency of the 
Nation’s critical infrastructures and assets by providing practical, actionable advice 
and with tools and methodologies to improve security at little or no cost. 

Question: (9) In the absence of a comprehensive critical-infrastructure risk 
assessment from the DHS, can you let the committee know, in your opinion, 
which of our critical infrastructure sectors pose the greatest national secu- 
rity concern? Rank — in relative order starting with the highest concern the 
top five critical infrastructure sectors that you believe pose the greatest 
risk. Briefly discuss the reasons for your selections and rankings. In each 
of the sectors you describe, what has the private sector done since 9/11 to 
increase protection? What key initiatives have the Administration and the 
DHS pursued to improve protection and since when? 

Security considerations preclude an answer in this response. IP would welcome the 
opportunity to address this matter before the committee in closed session. 

(10) In past testimony and reports, the General Accounting Office (GAO) has identi- 
fied a number of significant CIP challenges, including: 

• Clear delineation of CIP roles and responsibilities for federal, state, local, 
and private sector actors; clarification of how CIP entities will coordinate 
their activities 

• Clear definition of interim objectives and milestones 

• Clear timeframes for achieving objectives 

• Establishment of performance metrics 

• Improvement in analytical and warning capabilities 

Please provide a detailed list of what significant interim objectives and 
milestones the DHS Infrastructure Protection Office has in place to im- 
prove critical infrastructure protection? [Q00605] What firm timeframes 
does the Office of IP have in place for these objectives? 

IP has completed a number of actions not addressed here and is continuing to de- 
velop and implement guidelines and milestones for the CIP framework. This frame- 
work formulates a clear CIP plan, policies, priorities, and measures. In order to do 
so, the Office is forging partnerships with the key Federal, State, local, and industry 
stakeholders that will be crucial to our success. To drive and sustain this effort, IP 
is pursuing a systematic, risk management-based approach to identify, evaluate, 
and measure each of the critical infrastructures against a common and consistent 
set of factors. Some key objectives and milestones include: 

1. Formulate a clear CIP plan, policies, priorities, and measures by — 

• Completing implementation of a DHS program office to handle foreign ac- 
quisition, control, or influence over critical infrastructure (2nd Quarter 
2004) 

• Completing implementation of the Critical Infrastructure Information 
(PCII) program for protected CII voluntarily submitted by industry (4th 
Quarter 2004) 

2. Clarifying ambiguous roles, responsibilities, and authorities with respect to CIP 
by— 

• Circulating the National Plan for Critical Infrastructure and Key Re- 
sources Protection to key Federal, State, and local critical protection stake- 
holders (4th Quarter 2004) 



229 


• Completing training for all State homeland security advisors and relevant 
Federal officers on their roles and responsibilities for infrastructure protec- 
tion (4th Quarter 2004) 

3. Developing nationwide critical infrastructure and key asset registry by 

• Identifying and validating inventory of all critical infrastructure and key 
asset databases across federal, state, and local jurisdictions and the private 
sector (3rd Quarter 2004) 

• Evaluating, setting priorities for, and consolidating all critical asset data- 
bases into a single database (3rd Quarter 2004) 

4. Producing vulnerability assessments by sector, region, and localities by — 

• Completing vulnerability assessments for the top 50 sites identified under 
HSPD #7, paragraph 7(a) (4th Quarter 2004) 

5. Mapping threats to vulnerabilities by — 

• Developing pilot risk assessment software to analyze economic con- 
sequence and loss of life for attacks against specific infrastructure targets 
and develop and disseminate risk assessment briefings for the first 500 of 
1,000 critical facilities (3rd Quarter 2004) 

6. Employing risk mitigation methodology to set priorities for protective actions and 
distribution of funds by- 

• Collecting and evaluating protection and risk assessment methodologies 
used by the private sector; Federal, State, and local governments; and na- 
tional laboratories to assess gaps in current infrastructure protection meth- 
odologies and developing plan to mitigate gaps in current methodologies 
(3rd Quarter 2004) 

• Deploying the first 25-30 Protective Security Advisors to train infrastruc- 
ture owners and operators to identify vulnerabilities and ensure appro- 
priate protective measures are taken (4th Quarter 2004) 

7. Establishing comprehensive overview of the status of physical and cyber infra- 
structure by — 

• Identifying and modeling widespread cyber disruption scenarios (2nd 
Quarter 2004) 

• Developing and piloting geospatial analysis tools and capabilities for the 
telecommunications and energy infrastructures (3rd Quarter 2004) 

8. Issuing timely, effective warnings for specific, imminent threats by — 

• Implementing Emergency Notification Service to automatically alert ap- 
propriate constituents of DHS alerts, warnings, and information bulletins 
(2nd Quarter 2004) 

• Expanding coverage of the Critical Infrastructure Warning Information 
Network (CWIN) across government and industry CIP community to at 
least 100 total nodes (4th Quarter 2004) 

9. Building partnerships with industry and other non-governmental groups by — 

• Redesigning the Information Sharing and Analysis Center (iSAC) model 
in partnership with the ISAC Council and sector coordinators (3rd Quarter 
2004) 

10. Enhancing our ability to measure success and performance of our national infra- 
structure protection program — 

• Conducting industry-wide survey for establishing baseline security meas- 
ures that is sponsored by the American Society for Industrial Security in 
coordination with the Office of Infrastructure Protection (3rd Quarter 2004) 

• Designing, develoing, and distributing metrics and feedback mechanisms 
for all Cl sectors and key assets (4t Quarter 2004) 

What performance metrics does the Office of IP have in place to measure its 
progress against objectives, milestones, and timeframes? 

IP tracks progress of the objectives and milestones listed above on a monthly basis. 
Moreover, the Office is in the process of developing a Performance Measurement 
System that tracks both program efficiency and effectiveness. Underlying this sys- 
tem will be measurement methodologies that are statistically and scientifically valid 
and defendable. IP’s goal is to use metrics to not only measure historical progress, 
but to prompt actions and behaviors that improve the protection and security of our 
nation’s infrastructures. 

Question: (11) A number of states and industries have made significant 
progress in comprehensively assessing their own critical infrastructure 
vulnerabilities? What leadership role, if any, has the DHS played in pro- 
viding leadership, guidance, and assistance to states and industry in these 
efforts? Has the DHS intelligently leveraged the work already done by 
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states and industry to assess Cl vulnerabilities as it seeks to perform its 
own comprehensive Cl risk assessment? 

In October 2003, the Office provided analyses and recommendations in two sets of 
sector-specific reports: the Potential Indicators of Terrorist Activities Report and the 
Characteristics and CommonVulnerabilities Report. Eight categories were selected 
for special attention during Operation LIBERTY SHIELD, and IP designed a com- 
prehensive national plan to increase the protection of America’s citizens and specific 
infrastructure within the United States during Operation Iraqi Freedom. As part of 
LIBERTY SHIELD, Secretary Ridge asked State governors to provide additional 
protection for 145 specific assets that fell within one of the those same eight cat- 
egories: 

• Chemical Facilities 

• Nuclear Power Plants 

• Nuclear Spent Fuel Storage Facilities . Petroleum Facilities 

• Liquefied Natural Gas Storage Facilities . Railroad Bridges 

• Subways 

• Highway Tunnels 

Using the above eight LIBERTY SHIELD-designated categories as a starting point, 
DHS has developed a Buffer Zone Protection Plan (BZPP) template for each. These 
plans were prepared to assist in better integrating federal, state, and local as well 
as private sector security planning and were distributed throughout the protective 
security community. BZPPs are designed to identify site-specific vulnerabilities, de- 
scribe the types of terrorist tactics and activities that likely would be successful in 
exploiting those vulnerabilities, and recommend preemptive and protective actions 
to mitigate vulnerabilities so that terrorists are no longer able to successfully exploit 
them. As previously referenced in response to 0.00600, IP works with private indus- 
try to promote voluntary cooperation to protect critical infrastructures; this initia- 
tive offers an illustrative example of our philosophy in practice. 

Question: (12) To date, are you aware of how many states have performed 
comprehensive critical-infrastructure risk analyses? How many of the risk 
assessments performed by states has the Infrastructure Protection Office 
collected? What has the Infrastructure Protection Office done, if anything, 
to integrate the assessments conducted by the states into the comprehen- 
sive risk assessment efforts of the DHS? 

All of the states and territories completed their assessments by the end of last year. 
All of the inputs are being integrated into our risk assessment processes. Once com- 
pleted, IP will start an iterative process with the states and territories to improve 
the quality and usefulness of the entire risk assessment effort. 

Question: (13) Does the DHS have insights into what methodology the states 
are primarily using for their risk assessments? What guidance has the DHS 
provided to states on what methodology they should be using? Are you fa- 
miliar with the Department of Defense’s CARVER methodology, which was 
used by California in its assessment of its critical infrastructure 
vulnerabilities? Do you have an opinion on whether the CARVER method- 
ology is the most thorough standard that states should be following? If not, 
what methodology does the DHS recommend that states be following? 

IP is currently compiling and reviewing the submissions and inputs from the states 
on methodologies they are using to examine vulnerabilities. The Office is familiar 
with CARVER and believes it is a useful methodology. There are other acceptable 
methodologies developed by the government and by private industry. In the end, ap- 
plying common principles to the process of identifying vulnerabilities, correcting 
them, and measuring performance is more important than the actual methodology 
used. 

Question: (14) How is the DHS Office of IP organized to coordinate with pri- 
vate sector ISACs? Are ISACs the best organizations to lead sector-based 
industry efforts to share critical infrastructure information? What role do 
you see for the ISACs going forward? Is the federal government doing 
enough to support ISAC efforts? Do you see role for federal funding of the 
ISACs? 

IThe Infrastructure Coordination Division is the focal point for collaboration with 
the private sector ISACs. HSPD-7 reaffirmed the relationship between the ISAC 
community and the federal government. IP is collaborating with the ISAC Council 
to develop a framework that allows us to move forward as a community. The ISACs 
offer a primary means to support two-way information sharing between the owners 
and operators of facilities in an individual sector and across the thirteen infrastruc- 
ture sectors. IP is satisfied with its current effort with the ISACs, but is actively 
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looking for ways to expand and improve information sharing capabilities with the 
critical infrastructure sectors. In addition to the ISACs, IP is working closely with 
the Sector-Specific Agencies and Sector CoordinatorslSector Leadership for each crit- 
ical infrastructure sector to improve information sharing and operational coordina- 
tion. Consistent with the provisions of HSPD-7, IP sees strong, trusted working re- 
lationships between all these entities — DHS, Sector-Specific Agencies, Sector Coordi- 
nators, and ISACs — as a cornerstone of an effective national risk management ap- 
proach to protect critical infrastructures. 

AIP continues to support the work of the critical infrastructure sectors and their 
ISACs, including financial support for sector-specific and cross-sector desktop exer- 
cises, cross-sector studies, and joint meetings. 

Question: (15) This month, the American Society of Civil Engineers (ASCE) 
released a Progress Report on its 2001 Report Card on America’s Infra- 
structure. In this report, the ASCE examined current status and trends in 
the nation’s deteriorating infrastructure. In their assessment, the Energy 
infrastructure received a D+; Roads and Bridges received a D+/C; Transit 
a C-; Drinking Water a D; Wastewater a D; Dams a D; and Hazardous Waste 
a D+. Does the poor state of a number of our infrastructure sectors have 
serious negative implications for the security of those sectors against po- 
tential terrorist attack? What is the relationship between reliability and se- 
curity when it comes to critical infrastructure protection? 

The report cited is but one factor in our evaluation of the security of our national 
infrastructure which is, in many ways, a different issue than its reliability. In gen- 
eral, the more fragile an infrastructure, the nearer it is to the limits of its inherent 
resiliency and sustainability. It follows that a less robust infrastructure is more vul- 
nerable to attack, is less likely to recover, and therefore poses a higher risk than 
a healthy one. The interplay between the security situation at specific facilities and 
the net overall effect on the entire infrastructure is a complex one, not susceptible 
to a broad response. For example, bridges may be vulnerable, but an attack on all 
at once would be an unlikely scenario. This is obviously a sensitive subject and we 
would ask that this report and its implications be discussed more fully in a classi- 
fied environment. 
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United States Gengeral Accounting Office 
Washington, DC 20548 

December 8, 2003 

The Honorable Dave Camp 

Chairman, Subcommittee on Infrastrucutre 

and Border Security 

Select Committee on Homeland Security 
House of Representatives 

The Honorable Mac Thornberry 
Chairman, Subcommittee on Cybersecurity, 

Science, and Research and Development 
Select Committee on Homeland Security 
House of Representatives 

Subject: Posthearing Questions from the September 17, 2003, Hearing on “Implica 
tions of Power Blackouts for the Nation’s Cybersecurity and Critical 
Infrastructure Protection: The Electric Grid, Critical Interdependencies, 
Vulnerabilities, and Readiness” 

As requested in your letter of November 5, 2003, this letter provides our re- 
sponses for the record to the questions you posed to GAO. At the subject hearing, 
we discussed the challenges that the Department of Homeland Security (DHS) faces 
in integrating its information gathering and sharing functions, particularly as they 
relate to fulfilling the department’s responsibilities for critical infrastructure protec- 
tion (CIP). 

Question: GAO released a report on information sharing in August of this 
year. It found that “no level of government perceived the [information 
sharing] process as effective, particularly when sharing information with 
federal agencies.” How does [this] finding relate to what happened during 
the August 2003 blackout? 

In our August 2003 report on information sharing, we identified initiatives that 
had been undertaken to improve the sharing of information to prevent terrorist at- 
tacks and surveyed federal, state, and city government officials to obtain their per- 
ceptions on how the current information-sharing process was working. 1 Our survey 
showed that none of the three levels of government perceived the current informa- 
tion-sharing process to be effective when it involved the sharing of information with 
federal agencies. Specifically, respondents reported that information on threats, 
methods, and techniques of terrorists was not routinely shared, and the information 
that was shared was not perceived as timely, accurate, or relevant. Further, 30 of 
40 states and 212 of 228 cities responded that they were not given the opportunity 
to participate in national policy making on information sharing. Federal agencies in 
our survey also identified several barriers to sharing threat information with state 
and city governments, including the inability of state and city officials to secure and 
protect classified information, their lack of federal security clearances, and a lack 
of integrated databases. Further, this report identified some notable information- 
sharing initiatives. For example, the Federal Bureau of Investigation (FBI) reported 
that it had significantly increased the number of its Joint Terrorism Task Forces 
and, according to our survey, 34 of 40 states and 160 of 228 cities stated that they 
participated in information-sharing centers. 

Performed primarily before DHS began its operations and not focused on the fed- 
eral government’s CIP efforts, this report did not specifically relate to the impact 
of these information-sharing challenges on any specific events, including the August 
2003 blackout. However, as indicated in our written statement for the September 
17 hearing, 2 our past information-sharing reports and testimonies have identified 
information sharing challenges and highlighted its importance to developing com- 
prehensive and practical approaches to defending against potential cyber and other 
attacks, as well as to DHS meeting its mission. 

Question: A June 2003 GAO report on federal collection of electricity in- 
formation found significant gaps in collection for information needed by 
different federal agencies. The report does not mention DHS. In light of the 
Department’s responsibilities with respect to the electrical component of 


1 U.S. General Accounting Office, Homeland Security: Efforts to Improve Information Sharing 
Need to Be Strengthened, GAO-03-760 (Washington, D.C.: Aug. 27, 2003). 

2 U.S. General Accounting Office, Homeland Security: Information Sharing Responsibilities, 
Challenges, and Key Management Issues, GAO-03— 1165T (Washington, D.C.: Sep. 17,2003). 
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critical infrastructure, what can you say about the kinds of information it 
needs, and whether it has the ability to obtain that information? 

With the ongoing transition (or restructuring) of electricity markets from regu- 
lated monopolies to competitive markets, accurate information on electricity trading 
and pricing is becoming more critical not only for evaluating the potential benefits 
and risks of restructuring, but also for monitoring market performance and enforc- 
ing market rules. Our June 2003 report focused on describing the information that 
is collected, used, and shared by key federal agencies — such as the Federal Energy 
Regulatory Commission and the Energy Information Administration within the De- 
partment of Energy — and the effect of restructuring on these agencies’ collection, 
use, and sharing of this information. 3 In the aftermath of electricity price spikes and 
other efforts to manipulate electricity markets in California, our work focused on 
the oversight of restructured electricity markets-not the physical security of the sys- 
tem’s components. With this focus, we did not include DHS in the scope of our work. 

However, we have made numerous recommendations over the last several years 
related to information sharing functions that have been transferred to DHS. One 
significant area concerns the federal government’s CIP efforts, which is focused on 
the sharing of information on incidents, threats, and vulnerabilities, and the pro- 
viding of warnings related to critical infrastructures both within the federal govern- 
ment and between the federal government and state and local governments and the 
private sector. Although improvements have been made, further efforts are needed 
to address the following critical CIP challenges: 

• developing a comprehensive and coordinated national plan to facilitate CIP 
information sharing that clearly delineates the roles and responsibilities of fed- 
eral and nonfederal CIP entities, defines interim objectives and milestones, sets 
timeframes for achieving objectives, and establishes performance measures; 

• developing fully productive information sharing relationships within the fed- 
eral government and between the federal government and state and local gov- 
ernments and the private sector; 

• improving the federal government’s capabilities to analyze incident, threat, 
and vulnerability information obtained from numerous sources and share appro- 
priate, timely, useful warnings and other information concerning both cyber and 
physical threats to federal entities, state and local governments, and the private 
sector; and 

• providing appropriate incentives for nonfederal entities to increase informa- 
tion sharing with the federal government and enhance other CIP efforts. 

Regarding the kinds of information that DHS needs, the Homeland Security Act 
and other federal strategies acknowledge the importance of information sharing and 
identify multiple responsibilities for DHS to share information on threats and 
vulnerabilities for all CIP sectors. In particular: 

• The Homeland Security Act authorizes DHS’s Under Secretary for Informa- 
tion Assurance and Infrastructure Protection to have access to all information 
in the federal government that concerns infrastructure or other vulnerabilities 
of the United States to terrorism and to use this information to fulfill its re- 
sponsibilities to provide appropriate analysis and warnings related to threats to 
and vulnerabilities of critical information systems, crisis management support 
in response to threats or attacks on critical information systems, and technical 
assistance upon request to private-sector and government entities to respond to 
major failures of critical information systems. 

The National Strategy to Secure Cyberspace encourages DHS to work with the Na- 
tional Infrastructure Advisory Council and the private sector to develop an optimal 
approach and mechanism to disclose vulnerabilities in order to expedite the develop- 
ment of solutions without creating opportunities for exploitation by hackers. 4 DHS 
is also expected to raise awareness about removing obstacles to sharing information 
concerning cybersecurity and infrastructure vulnerabilities between the public and 
private sectors and is encouraged to work closely with private-sector information 
sharing and analysis centers (ISACs) to ensure that they receive timely and action- 
able threat and vulnerability data and to coordinate voluntary contingency planning 
efforts. 

• The National Strategy for the Physical Protection of Critical Infrastructures 
and Key Assets describes DHS’s need to collaborate with the intelligence com- 


3 U.S. General Accounting Office, Electricity Restructuring: Action Needed to Address Emerg- 
ing Gaps in Federal Information Collection, GAO— 03-586 (Washington, D.C.: Jun. 30, 2003). 

4 The White House, National Strategy to Secure Cyberspace (Washington, D.C.: February 
2003). 
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munity and the Department of Justice to develop comprehensive threat collec- 
tion, assessment, and dissemination processes that are distributed to the appro- 
priate entity in a timely manner. 5 It also enumerates several initiatives directed 
to DHS to create a more effective information-sharing environment among the 
key stakeholders, including establishing requirements for sharing information; 
supporting state and local participation with ISACs to more effectively commu- 
nicate threat and vulnerability information; protecting secure and proprietary 
information that is deemed sensitive by the private sector; implementing proc- 
esses for collecting, analyzing, and disseminating threat data to integrate infor- 
mation from all sources; and developing interoperable systems to share sen- 
sitive information among government entities to facilitate meaningful informa- 
tion exchange. 

Other efforts may help to identify specific information needs for the critical infra- 
structure sectors, including the electric power sector. For example, we are currently 
beginning work to determine the status of the ISACs in undertaking the voluntary 
activities suggested by federal CIP policy to gather, analyze, and disseminate infor- 
mation to and from infrastructure sectors and the federal government. In addition, 
according to the chairman of the recently established ISAC Council, the mission of 
the council is to advance the physical and cybersecurity of the critical infrastruc- 
tures of North America by establishing and maintaining a framework for interaction 
between and among the ISACs. Council activities include establishing and maintain- 
ing a policy for inter-ISAC coordination, a dialog with governmental agencies that 
deal with ISACs, and a practical data and information sharing protocol (what to 
share and how to share). 

Finally, as we discuss in more detail in the response to the next question, Con- 
gress and the administration have taken steps to help improve information sharing. 
These include the incorporation of provisions in the Homeland Security Act of 2002 
to restrict the use and disclosure of critical infrastructure information that has been 
voluntarily submitted to DHS. However, the effectiveness of such steps may largely 
depend on how DHS implements its information sharing responsibilities and the 
willingness of the private sector and state and local governments to share such in- 
formation. It may also require the consideration of various public policy tools, such 
as grants, regulations, or tax incentives. 

Question: The creation of “Critical Infrastructure Information” provides 
companies with a mechanism to voluntarily give this information to the 
federal government. Do you think that private companies will avail them- 
selves of this opportunity? Do you think that Critical Infrastructure Infor- 
mation protections are sufficient? What other incentives might the federal 
government use to obtain this information for homeland security purposes? 
Should the federal government require the submission of this information 
so as to inform the Department of Homeland Security of potential cross- 
sectoral weaknesses and vulnerabilities? 

The Homeland Security Act of 2002 includes provisions that restrict federal, state, 
and local governments’ use and disclosure of critical infrastructure information that 
has been voluntarily submitted to DHS. These restrictions include exemption from 
disclosure under the Freedom of Information Act, a general limitation on use to CIP 
purposes, and limitations on use in civil actions and by state or local governments. 
The act also provides penalties for any federal employee who improperly discloses 
any protected critical infrastructure information. In April 2003, DHS issued for com- 
ment its proposed rules for how critical infrastructure information volunteered by 
the public will be protected. At this time, it is too early to tell what impact the act 
will have on the willingness of the private sector to share critical infrastructure in- 
formation or whether the protections that these provisions provide are sufficient. 

Regarding other incentives that the federal government might use and the need 
to require submission of critical infrastructure information, the National Strategy 
for Homeland Security states that, in many cases, sufficient incentives exist in the 
private market for addressing the problems of CIP. 6 However, the strategy also dis- 
cusses the need to use all available public policy tools to protect the health, safety, 
or well-being of the American people. It mentions federal grant programs to assist 
state and local efforts, legislation to create incentives for the private sector, and, in 
some cases, regulation. The National Strategy for the Physical Protection of Critical 
Infrastructures and Key Assets reiterates that additional regulatory directives and 
mandates should only be necessary in instances where the market forces are insuffi- 


5 The White House, National Strategy for the Physical Protection of Critical Infrastructures 
and Key Assets (Washington, D.C.: February 2003). 

6 The White House, National Strategy for Homeland Security (Washington, D.C.: July 2(02). 
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cient to prompt the necessary investments to protect critical infrastructures and key 
assets. The National Strategy to Secure Cyberspace also states that the market is 
to provide the major impetus to improve cybersecurity and that regulation will not 
become a primary means of securing cyberspace. 

Last year, the Comptroller General testified on the need for strong partnerships 
with those outside the federal government and stated that the new department 
would need to design and manage tools of public policy to engage and work con- 
structively with third parties. 7 We have also previously testified on the choice and 
design of public policy tools that are available to governments. 8 These public policy 
tools include grants, regulations, tax incentives, and regional coordination and part- 
nerships to motivate and mandate other levels of government or the private sector 
to address security concerns. Some of these tools are already being used, for exam- 
ple, in the water and chemical sectors. 

Without appropriate consideration of public policy tools, private-sector participa- 
tion in sector-related information sharing and other CIP efforts may not reach its 
full potential. For example, we reported in January 2003 on the efforts of the finan- 
cial services sector to address cyber threats, including industry efforts to share in- 
formation and to better foster and facilitate sector-wide efforts. 9 We also reported 
on the efforts of federal entities and regulators to partner with the financial services 
industry to protect critical infrastructures and to address information security. We 
found that although federal entities had a number of efforts ongoing, Treasury, in 
its role as sector liaison, had not undertaken a comprehensive assessment of the 
public policy tools that potentially could encourage the financial services sector to 
implement information sharing and other CIP-related efforts. Because of the impor- 
tance of considering public policy tools to encourage private-sector participation, we 
recommended that Treasury assess the need for public policy tools to assist the in- 
dustry in meeting the sector’s goals. In addition, in February 2003, we reported on 
the mixed progress that five ISACs (including the Electricity ISAC) had made in ac- 
complishing the activities suggested by Presidential Decision Directive (PDD) 63. 10 
We recommended that the responsible lead agencies assess the need for public pol- 
icy tools to encourage increased private-sector CIP activities and greater sharing of 
intelligence and incident information between the sectors and the federal govern- 
ment. 

Question: In the absence of a comprehensive critical-infrastructure risk 
assessment from the DHS, can you let the committee know, in your opinion, 
which of the critical infrastructure sectors pose the greatest national secu- 
rity concern? Rank-in relative order starting with the highest concern — the 
top five critical infrastructure sectors that you believe pose the greatest 
risk. Briefly discuss the reasons for your selections and rankings. In each 
of the sectors you describe, what has the private sector done since 9/11 to 
increase protection? What key initiatives have the Administration and the 
DHS pursued to improve protection and since when? 

Much of our work on federal CIP has focused on cybersecurity and the overall 
threats and risks to critical infrastructure sectors. This work did not include assess- 
ments of specific sectors that would enable us to identify or rank which of the sec- 
tors pose the greatest national security concern or greatest risk. We believe that all 
the critical infrastructures are important in that, as defined by the USA PATRIOT 
Act and highlighted in the National Strategy for Homeland Security, they represent 
“systems and assets, whether physical or virtual, so vital to the United States that 
the incapacity or destruction of such systems and assets would have a debilitating 
impact on security, national economic security, national public health or safety, or 
any combination of those matters.” Further, determining which sectors pose the 
greatest risk would require not only an assessment of individual sector security, but 
also consideration of the interdependencies among sectors. For example, assuring 
electric service requires operational transportation and distribution systems to guar- 
antee the delivery of the fuel that is necessary to generate power. Also, the devices 
that control our physical systems, including our electrical distribution system, trans- 
portation systems, dams, and other important infrastructures, are increasingly con- 


7 U.S. General Accounting Office, Homeland Security: Proposal for Cabinet Agency Has Merit, 
But Implementation Will Be Pivotal to Success, GAO— 01-886T (Washington, D.C.: June 25, 
2002 ). 

8 General Accounting Office, Combating Terrorism: Enhancing Partnerships Through a Na- 
tional Preparedness Strategy, GAO-02-549T (Washington, D.C.: Mar. 28, 2(02). 

9 U.S. General Accounting Office, Critical Infrastructure Protection: Efforts of the Financial 
Services Sector to Address Cyber Threats, GAO-03-173 (Washington, DC,: Jan. 30, 2003). 

10 U.S. General Accounting Office, Critical Infrastructure Protection: Challenges for Selected 
Agencies and Industry Sectors, GAO— 03-233 (Washington, D.C.: Feb. 28, 2003). 
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nected to the Internet. Thus, the consequences of an attack on our cyber infrastruc- 
ture could cascade across many sectors. 

The administration has taken a number of steps to improve the protection of our 
nation’s critical infrastructures, including issuance of the National Strategy to Se- 
cure Cyberspace and the complementary National Strategy for the Physical Protec- 
tion of Critical Infrastructures and Key Assets. Called for by the National Strategy 
for Homeland Security, these two strategies identify priorities, actions, and respon- 
sibilities for the federal government, including lead agencies and DHS, as well as 
for state and local governments and the private sector. However, we have not under- 
taken an in-depth assessment of DHS’s cyber CIP efforts that could enable us to 
describe what DHS or the private sector have done to improve protection. 

In past testimony and reports, the General Accounting Office (GAO) has 
identified a number of significant CIP challenges, including: 

i) Clear delineation of CIP roles and responsibilities for federal, state, 
local, and private sector actors; clarification of how CIP entities will co- 
ordinate their activities 

ii) Clear definition of interim objectives and milestones 

iii) Clear timeframes for achieving objectives 

iv) Establishment of performance metrics 

v) Improvement in analytical and warning capabilities 

Question: Please provide a detailed list of what significant interim objec- 
tives and milestones the DHS Infrastructure Protection Office has in place 
to improve critical infrastructure protection. What firm timeframes does 
the Office of IP have in place for these objectives? What performance 
metrics does the Office of IP have in place to measure its progress against 
objectives, milestones, and timeframes? 

We have made numerous recommendations over the last several years related to 
information-sharing functions that have now been transferred to DHS, including 
those related to the federal government’s CIP efforts. As you indicate, among the 
challenges we have identified is the need for a comprehensive and coordinated na- 
tional plan to facilitate CIP information sharing that clearly delineates the roles and 
responsibilities of federal and nonfederal CIP entities, defines interim objectives and 
milestones, sets timeframes for achieving objectives, and establishes performance 
measures. We also identified the need to improve the federal government’s capabili- 
ties to analyze incident, threat, and vulnerability information obtained from numer- 
ous sources and share appropriate, timely, useful warnings and other information 
concerning both cyber and physical threats to federal entities, state and local gov- 
ernments, and the private sector. The Homeland Security Act of 2002 makes DHS 
and its Information Assurance and Infrastructure Protection directorate responsible 
for key CIP functions for the federal government, including developing a comprehen- 
sive national plan for securing the key resources and critical infrastructure of the 
United States. 

The National Strategy to Secure Cyberspace and the National Strategy for the 
Physical Protection of Critical Infrastructures and Key Assets issued in February 
2003 by the President identify priorities, actions, and responsibilities for the federal 
government, including federal lead departments and agencies and DHS, as well as 
for state and local governments and the private sector. Both define strategic objec- 
tives for protecting our nation’s critical assets. The cyberspace security strategy pro- 
vides a framework for organizing and prioritizing the individual and concerted re- 
sponsibilities of all levels of government to secure cyberspace. The physical protec- 
tion strategy discusses the goals and objectives for protecting our nation’s critical 
infrastructure and key assets from physical attack. However, as we have previously 
testified, neither of the strategies (1) clearly indicates how the physical and cyber 
efforts will be coordinated; (2) defines the roles, responsibilities, and relationships 
among the key CIP organizations, including state and local governments and the 
private sector; (3) indicates time frames or milestones for their overall implementa- 
tion or for accomplishing specific actions or initiatives; or (4) establishes perform- 
ance measures for which entities can be held responsible. 

We have not undertaken an in-depth review of the department’s cyber CIP efforts, 
which would include an assessment of its progress in developing a comprehensive 
national plan that addresses identified CIP challenges and the development of anal- 
ysis and warning capabilities. 

Question: How is the DHS Office of IP organized to coordinate with pri- 
vate sector Information Sharing and Analysis Centers (ISACs)? Are the 
ISACs the best organizations to lead sector-based industry efforts to share 
critical infrastructure information? What role do you see for the ISACs 
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going forward? Is the federal government doing enough to support ISAC ef- 
forts? Do you see fa] role for federal funding of ISACs? 

According to an official in the Infrastructure Protection Office’s Infrastructure Co- 
ordination Division, this division is responsible for building relationships with the 
ISACs and is currently working with them and the sector coordinators (private sec- 
tor counterparts to federal sector liaisons) to determine how best to establish these 
relationships. In addition, this official said that DHS’s interagency Homeland Secu- 
rity Operations Center provides the day-to-day operational relationship with the 
ISACs to share threat and warning information. 

As mentioned previously, we are currently beginning work that will focus on the 
status of ISAC efforts to implement the activities suggested by federal CIP policy. 
This work should provide more information about obstacles to greater information 
sharing, the role of the ISACs in sharing critical infrastructure information, and the 
assistance provided to these organizations by DHS and other federal lead agencies. 
Such federal assistance could include funding, such as the examples of ISAC fund- 
ing that we discussed in our February 2003 report. 11 Specifically, the Energy ISAC 
reported that in the fall of 2002, the Office of Energy Assurance (then within the 
Department of Energy and now transferred to DHS ) had agreed to fund ISAC oper- 
ations-an agreement sought so that membership costs would not prevent smaller 
companies from joining. The new, cost-free Energy ISAC began operations and 
broad industry solicitation for membership in February 2003. Further, for the Water 
ISAC, the Environmental Protection Agency provided a grant for system develop- 
ment and expanded operations. 

Question: This month, the American Society of Civil Engineers (ASCE) re- 
leased a Progress Report on its 2001 Report Card on America’s Infrastruc- 
tures. In this report, the ASCE examined current status and trends in the 
nation’s deteriorating infrastructure. In their assessment, the Energy infra- 
structure received a D+. Roads and bridges received a D+/C. Does the poor 
state of a number of our infrastructure sectors have serious negative impli- 
cations for the security of those sectors against potential terrorist attack? 
What is the relationship between reliability and security when it comes to 
critical infrastructure protection? 

The ASCE’s 2003 progress report on its 2001 report card does not discuss the im- 
plications of deteriorating infrastructure conditions and security against potential 
terrorist attack. 12 Further, GAO has not specifically assessed whether the poor state 
of infrastructure sectors may have serious negative implications for security against 
potential terrorist attack. However, the relationship between reliability and security 
may be an appropriate consideration as DHS and the critical infrastructure sectors 
identified in federal CIP policy continue their efforts to assess the vulnerabilities of 
these sectors to cyber or physical attacks. 

We are sending copies of this letter to DHS and other interested parties. Should 
you or your offices have any questions on matters discussed in this letter, please 
contact me at (202) 512-3317. I call also be reached by e-mail at daceyr@gao.gov. 
Sincerely yours, 

Robert F. Dacey 

Director, Information Security Issues 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. However, because 
this work may contain copyrighted images or other material, permis- 
sion from the copyright holder may be necessary if you wish to repro- 
duce this material separately. 

GAO’s Mission 

The General Accounting Office, the audit, evaluation and investigative arm 
of Congress, exists to support Congress in meeting its constitutional respon- 
sibilities and to help improve the performance and accountability of the fed- 
eral government for the American people. GAO examines the use of public 
funds; evaluates federal programs and policies; and provides analyses, rec- 
ommendations, and other assistance to help Congress make informed over- 


11 GAO-03-233. 

12 American Society of Civil Engineers, 2003 Progress Report: An Update to the 2001 Report 
Card, September 2003. 
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sight, policy, and funding decisions. GAO’s commitment to good government 
is reflected in its core values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony 

The fastest and easiest way to obtain copies of GAO documents at no cost 
is through the Internet. GAO’s Web site (www.gao.gov) contains abstracts 
and full-text files of current reports and testimony and an expanding ar- 
chive of older products. The Web site features a search engine to help you 
locate documents using key words and phrases. You can print these docu- 
ments in their entirety, including charts and other graphics. 

Each day, GAO issues a list of newly released reports, testimony, and cor- 
respondence. GAO posts this list, known as “Today’s Reports,” on its Web 
site daily. The list contains links to the full-text document files. To have 
GAO e-mail this list to you every afternoon, go to www.gao.gov and select 
“Subscribe to e-mail alerts” under the “Order GAO Products” heading. 
Order by Mail or Phone 

The first copy of each printed report is free. Additional copies are $2 each. 
A check or money order should be made out to the Superintendent of Docu- 
ments. GAO also accepts VISA and Mastercard. Orders for 100 or more cop- 
ies mailed to a single address are discounted 25 percent. Orders should be 
sent to: 

U.S. General Accounting Office 
441 G Street NW, Room LM 
Washington, D.C. 20548 

To order by Phone: Voice: TDD: Fax: (202) 512-6000, (202) 512-2537, (202) 
512-6061 

To Report Fraud, Waste, and Abuse in Federal Programs 

Contact: 

Web site: www.gao.govjfraudnetjfraudnet.htm 
E-mail: fraudnet@gao.gov 

Automated answering system: (800) 424-5454 or (202) 512-7470 
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